CA Antivirus blocks Windows system files

After yesterday's update of virus databases, users of CA Anti-Virus 2009 could observe how a number of Windows system files were detected by the scanner as viruses and were sent to quarantine. The CA Anti-Virus support forum cited various test results — on average, 8 to 15 files were blocked.

7/8/2009 16:58:31 PM File infection: C:\WINDOWS\system32\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:32 PM File infection: C:\WINDOWS\system32\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\ServicePackFiles\i386\net.exe is Win32/AMalum.ZZNPB infection.
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:39 PM File infection: C:\windows\ServicePackFiles\i386\netsh.exe is Win32/AMalum.ZZOKH infection.
7/8/2009 16:58:42 PM File infection: C:\WINDOWS\system32\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\SERVIC~1\i386\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\ServicePackFiles\i386\reg.exe is Win32/AMalum.ZZOAF infection.
7/8/2009 16:58:49 PM File infection: C:\WINDOWS\system32\verclsid.exe is Win32/AMalum.ZZNRA infection. Quarantined

The problem is mainly affected by users of Windows XP SP3, but the problem was also expressed by users of other versions of the system.

Interestingly, this is not the first case of false positives among Western antiviruses in recent months. On July 3-4, after updating the signatures, McAfee users found that their machines were infected with the PWS! Hv.aq Trojan, for which the scanner took quite normal system files.