Avira recognises Internet Explorer as a trojan
The virus scanner from the German software vendor Avira (known until the beginning of this year as H+BEDV) installed an update with a defective signature library that then declared Internet Explorer 6 to be the TR.Spy.Goldun.ML trojan. In light of that virus alarm, several uneasy users deleted Internet Explorer to rid themselves of the purported trojan.
Helmut Büsker from Avira reports that in spite of his company's internal tests of the incremental updates, an incorrect signature landed in signature files 6.36.01.127 and 6.36.01.134. It was distributed today (Wednesday) at 7:25 am. The error was quickly noted and was removed through a new signature database one-half hour later. Affected users can recreate the file where necessary from the quarantine. Window XP's Windows File Protection will also automatically arrange for the recreation of the missing files. Avira believes this means that damages are limited.
If a user took the additional step of deleting both the original and backup files for Internet Explorer, however, then the Microsoft web browser cannot be resuscitated. The OS's installation CD is then required to make things right.
Every virus scanner must occasionally deal with the after-effects of harmless files being incorrectly labelled as viruses, known as false positives. Regular backups of important data and system partitions can help guard against unintended system disruption through defective signatures or malware.