ESET rolls out NOD32 virus signature database version 13103 to address all the false positive detections

Feb 29, 2016 16:23 GMT  ·  By

ESET managed to ruin the Monday morning of many system administrators today, after the company rolled out a virus signature database update to Windows computers that wrongly flagged all Internet websites as infected.

The update's version is 13102 (20160229) and affected only Windows machines, for both home and business users. ESET was quickly made aware of the issue, and by afternoon, the company quickly rolled out version 13103 to remove the false positive detections.

Clients who are still having problems are encouraged to trigger a manual update if the auto-update process has not kicked it just yet. Customers who needed Internet access and rolled back their virus signature database to a previous version that didn't flag all Internet sites as malware-infected can now update as well.

This is not the first time an antivirus vendor botches an update to show troves of false positives, and it isn't going to be the last one either.

For this particular case, NOD32 was telling customers that all the sites they were navigating to, including high-reputation domains like microsoft.com, amazon.com, and ebay.com, were infected with malware.

The two warnings sighted today were for the JS/ScrInject.B and HTML/Refresh.BC trojans. ESET's virus database doesn't include details about JS/ScrInject.B, but HTML/Refresh.BC is known to hijack and redirect users to malicious URLs.