An anti-virus definition update released by Computer Associates late yesterday appears to have produced false positive reports of the win32/Glenwiry.p virus for at least some people. In the process of protecting your computer, the anti-virus may quarantine your C:/WINDOWS/system32/wextract.exe and/or C:/WINDOWS/system32/dllcache/wextract.exe. The problem is that once these files are quarantined, you may encounter problems during a reboot, as Windows could prompt you to insert your system disk.

Some users have reported calling CA and being advised to upgrade anti-virus definitions again. After the Computer Associates AV definition upgrade, the false positive reports appear to go away.

I noted at least one discussion of this issue on the ZoneAlarm message board where the resolution appeared to be an update to the anti-virus definitions (making me think that maybe ZoneAlarm and CA share a common source for their AV definitions?).

There is also some message activity on the Computer Associates official discussion forum about this.

IMPORTANT: Never assume an AV alert is false! First update your anti-virus definitions. If you continue to get warnings, search the site of your anti-virus software for possible resolutions and problem reports. Use EXTREME caution searching the Internet for cures to the Glenwiry - it appears a LARGE number of sites showing in the search results are themselves malware. I would search only the anti-virus sites themselves for suggested solutions.
via: Clients First Business Solutions

Link: win32/GlenWiry.p fiasco blog post at Rabid Wombats
Link: Yahoo Answers - What is Win32/Glenwiry.p
Link: ZoneAlarm Malware Discussion Board: ZA can’t treat a virus…