Jump to content

Recommended Posts

Posted

[10nov08] Reports are reaching us that today�s update of the AVG 8.0 crashed many computers. After the update AVG 8.0 thinks that "user32.dll" is a virus: PSW.banker4.APSA. This file, however, is not (part of ) a virus but in fact an essential part of your Windows program.

In the event you have deleted this vital file as a result of the faulty detection, your computer will not restart. It shows a blue screen at start up and tells you it cannot find winsvr, error c0000135. System recovery has no effect.

How to repair the problem (as mentioned on AVG�s own forum here):

  • Restart your PC in Safe Mode (tap F8 repeatedly during Windows startup)
  • Open the AVG control center by clicking the logo or via Start -> Programs -> AVG.
  • Go to the virus vault, select user32.dll and click restore.
  • Empty the virus vault.
  • Close AVG.
  • Uninstall the entire AVG program (TIP from Lunarsoft: Download Anti-Malware Toolkit [AMT] from here, run the Anti-Malware Toolkit and download the AVG Removal Tool.)
  • Reboot the PC and the problem should be resolved.

How to prevent this ever happening again:

  • After uninstalling AVG (as suggested above), do not re-install the program as AVG 8.0 is a drain on resources.
  • We from Lunarsoft recommend the free avast! antivirus.
  • Download avast! from here or from the Anti-Malware Toolkit.

Downloads: avast | avast FREE registration | Anti-Malware Toolkit Installer | Anti-Malware Toolkit Zip

Link: Digg This!

(You might want copy or print this text if you're on another computer)

Posted

I've just had a computer in for repair that's running AVG free. I thought I was reading a cut-and-paste from AVG's PR department until I read the line "Uninstall the entire AVG program"!

Is the AVG Removal tool like the Norton Removal Tool? In other words, does the regular AVG uninstall leave large parts of AVG behind?

  • Administrator
Posted

I admit I have not used AVG in a while, but I believe the tool will remove any traces or remnants.

Posted

According to Heise Security AVG gives false alarm for Windows system library AVG is not the only AV to think that user32.dll is malicious. In the past, Kaspersky, G Data and Avast have, too:

Just last week, the Kaspersky and G Data antivirus programs erroneously detected a virus in certain versions and, in January, the G Data and Avast watchdogs also decided user32.dll contained malware.

and the earlier report said:

Widely used antivirus programs avast and Gdata are both reporting user32.dll in Windows XP as a Trojan. By deleting this supposedly infected file users can hamstring their systems. The issue affects German and Dutch Windows versions, but English versions seem not to be endangered.

For me, Heise save their best comment to the last sentence:

It would be reasonable to expect the producers of AV software at least to actually test their signatures against the main system files before publishing them, or to protect them against such embarrassing breakdowns with appropriate "whitelist" entries.

.

Posted

This is why I never set AV or anti-spyware to automatically clean infections, and submit suspect files to jotti.org before deciding whether to remove them; and I quarantine them, instead of deleting them.

Any security scanner may produce a false positive, though falsely detecting vital system files is ridiculous.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...