Antivirus software cuts two ways. It's great at blocking known viruses, but it can sometimes misfire, mistakenly flagging clean files as malicious. That sends a computer into a tailspin trying to clean up stuff that's supposed to be on there.
The problem can crash a computer, and fixing it can be a bear.
An example emerged this week when users of antivirus software made by Islandia, N.Y.-based CA Inc. watched as their machines warned of an infection and started quarantining files that turned out to be legitimate.
Lee Jay Mandell, a 60-year-old retired computer consultant and patent attorney from the Los Angeles area, said the problem popped up on his computer Wednesday night. He knew something was wrong because he recognized the types of files that were being quarantined were parts of Microsoft Corp.'s Windows operating system.
He drew on his technical experience to restore the machine, but says less adept users might stumble.
"I'm back, but it took me about six hours to get back," he said Friday.
Every antivirus company deals with false positives, and it's an embarrassment for companies whose job is to protect people's machines from sabotage. It happens because legitimate files sometimes have programming code or behaviors that are identical to those of viruses. The antivirus software spots files it believes are malicious and starts plucking them out.
The results can range from annoyance to outright meltdown of the machine if critical files are targeted. Last week some people using McAfee Inc.'s antivirus software said their computers crashed because of a false positive.
McAfee said the false positive only happened on older versions of its software that are no longer supported by the company. Newer versions won't have the problem.
CA apologized for the problem Mandell and others encountered and said its last major false positive was three years ago.
"Minor false positives happen periodically, but CA has historically maintained an industry low rate of false positives," the company said in a statement.
Cleaning up a false positive detection isn't always easy. The program might do it for you. But sometimes a user might need to go into the list of quarantined files and manually rename them, or call the company to request software to do the task automatically.
CA emphasized that the files that its software wrongly spotted as viruses this week were quarantined or renamed, not deleted, and "are recoverable."
The lesson: Pay close attention to your computer if it's telling you it's found a virus and is cleaning it up. You might need to call your antivirus vendor's customer support to help you make sure your machine is totally clean — or to help you recover files if the cleanup was a false alarm.