CA eTrust ITM has gone completely nuts today, with a load of seemingly random false positives mostly for StdWin32 in a large number of binaries, including some components of eTrust itself.
The core problem seems to be a signature update from 31.6.6672 to 33.3.7051, there seems to be little consistency in what is being detected as a false positive although there are multiple occurrences of Nokia software, VNC and event DLLs and EXEs belonging to eTrust's core components.
Probably the best thing to do is block the update or change the Realtime scanning behaviour to "disabled" or "report only".
Update: problem seems to have started at about 0525 GMT when the new signature pattern applied. There no consistent pattern to the infected files, it looks like it happens at random. Several other people seem to be having the same issue!
Update 2: Signature pattern 34.0.6674 appears to fix this problem. You can then enjoy repairing your faulty machines.. thanks CA!
Update 3: Amusingly, CA eTrust seems to have deleted its own key components in many cases. I don't know if this is the first recorded case of an anti-virus application mistaking itself as malware!
Update 4: CA have released a statment as follows:
Last night, CA released a new updated antimalware engine. This new release has resulted in false positive detections of a number of files. CA Threat Manager customers are the only customers being affected by this issue. This is not a result of signature updates and does not impact CA consumer Internet security products.
To resolve the issue, CA has rolled back the new engine and re-released its previous antimalware engine. CA customer support representatives are on call to answer customer questions and to provide remediation support. A remediation tool to rename the quarantined files is now available through CA support and will soon be accessible online.
CA is aggressively working to resolve the issue, assist any customers who have been affected, as well as identify the root cause of the incident. We apologize for this inconvenience and look forward to the roll out of our new antimalware engine, which will ultimately offer our customers many benefits including enhanced malware protection and improved performance.
Update 5: Got a mention on El Reg.. funny thing is that I went in to work today wearing my El Reg T-Shirt. Coincidence? Consiparacy? Cockup?
PS: Please remember to read the comments if you are still having problems!