Sophos fixes issue by Sunday morning, all is fine now

Sep 5, 2016 21:30 GMT

Users of the Sophos antivirus engine for Windows had a busy and frustrating weekend after a false positive error blocked access to the winlogon.exe file, used in the Windows login process, effectively preventing users from accessing their PCs.

The error caused a lot of angry Twitter rants, with customers unable to understand why they couldn't log into their PCs over the weekend.

The Sophos team was on hand to fix the issue and announced the snafu early on Sunday morning, providing an emergency update that fixed the virus signature database and removed the false virus detection.

At the heart of the issue was a Sophos signature that marked "C:\Windows\System32\winlogon.exe" as infected with the Troj/FarFli-CT spyware and blocked Windows' access to this crucial file, which is the de facto executable for the logon screen.

As a result, users were left staring at a black screen for hours without any clue as to what was actually going on.

Users still troubled by this error can visit this Sophos support page for more details. The easiest way to fix the issue is to boot Windows in Safe Mode, disable the Sophos antivirus service, boot again, log in, start the antivirus and trigger an immediate update to remove the false positive detection.

According to the Sophos support topic, only users running Windows 7 SP1 on 32-bit platforms have been affected.