ESET managed to ruin the Monday morning of many system administrators today, after the company rolled out a virus signature database update to Windows computers that wrongly flagged all Internet websites as infected.
The update's version is 13102 (20160229) and affected only Windows machines, for both home and business users. ESET was quickly made aware of the issue, and by afternoon, the company quickly rolled out version 13103 to remove the false positive detections.
Clients who are still having problems are encouraged to trigger a manual update if the auto-update process has not kicked it just yet. Customers who needed Internet access and rolled back their virus signature database to a previous version that didn't flag all Internet sites as malware-infected can now update as well.
This is not the first time an antivirus vendor botches an update to show troves of false positives, and it isn't going to be the last one either.
For this particular case, NOD32 was telling customers that all the sites they were navigating to, including high-reputation domains like microsoft.com, amazon.com, and ebay.com, were infected with malware.
The two warnings sighted today were for the JS/ScrInject.B and HTML/Refresh.BC trojans. ESET's virus database doesn't include details about JS/ScrInject.B, but HTML/Refresh.BC is known to hijack and redirect users to malicious URLs.
We have identified an issue with our latest signature, until it's resolved we recommend rolling back your virus signature database (1/2) — ESET (@ESETUK) February 29, 2016
Guide to rolling back for business users: https://t.co/3ndtR8PV1v Home users can follow this guide: https://t.co/u9cLHaGoxT (2/2) — ESET (@ESETUK) February 29, 2016
The earlier issue is now fixed. Virus signature update V13103 is the latest version and no longer flags false positives. Update ASAP — ESET (@ESETUK) February 29, 2016