[VISTA] Alert: If you use AVG Antivirus, User32.DLL may have been removed from your system!

• From: "Jim Kenzig http://thin.ms" <jkenzig@xxxxxxxxx>
• To: THIN <thin@xxxxxxxxxxxxx>, windows2000@xxxxxxxxxxxxx, vista@xxxxxxxxxxxxx
• Date: Tue, 11 Nov 2008 07:32:35 -0500

I've encouraged the use of AVG antirus in the past but I guess no antivirus
program is perfect.  I guess that yesterdays update falsely marked a
critical Microsoft file user32.dll as a virus and deleted it which caused
may systems to crash AVG gives instructions on it's site how to recover the
file.
http://freeforum.avg.com/read.php?7,155461#msg-155501
Here is some text from the thread:
Many PC's crashed after todays's update of AVG. The update destines
user32.dll as a virus: PSW. banker4.APSA.
Valid for Win XP SP2 and SP3 with AVG7.5 and AVG 8.
This is not a virus, but an essential part of your windows programme.

prevention:
before you start up your PC, unplug the internet cable. Boot your PC and
disable in your firewall the access to internet for the AVG update manager.
Reconnect the internet cable. In this way your PC stays safe from the
maliceous AVG update.

solution:
if you happen to believe the AVG programme (like I did) when it shows you
the virus alert, and have choosen "heal"or quarantine""your PC will no
longer restart. It shows a blue screen at start up and tells you it cannot
find winsvr, error c0000135. System recovery has no effect. Don't panic
(like I did) but:

-restart your PC in safe mode (press F8 during windows start up)
-open the AVG control centre by clicking the logo or via start-programs-AVG
-go to the virus vault, select user32.dll and click restore.
-empty the virus vault
-close AVG
-now unistall the whole AVG program: start-programs-AVG-uninstall
-reboot the PC and it is fine.

Wait with installing a new version of AVG until they releas a good version.
In the mean time, use a different virus scanner.

The faulty AVG update was released 8 nov around 2200 GMT apparently, looking
at various fora. It impacted many PC's around the world in the mean time.
This is actually worse than a virus itself.
It also effects the paid-for Pro versions, so wondering what will happen on
Monday morning in many businesses.....

As I just spent many hours tackling this issue and found help in many
internet fora, I thought it would be apprpriate to post a solution here. For
those that experience the same issue, I hope you will find it usefull.

With best regards,
Richard.

and from AVG Support
Richard, Email confirmation reply from AVG Technologies Support....

thank you for your email.

Unfortunately, the previous virus database might have detected the
mentioned virus on legitimate files. We can confirm that it was a
false alarm. We have immediately released a new virus update
(270.9.0/1778) that removes the false positive detection on this file.
Please update your AVG and check your files again.

The system can be restored by following the steps in one of the
comments on forum (using safe mode or recovery console and copying
c:\windows\system32\dllcache\user32.dll into the right location)

If you need to restore deleted files from AVG Virus Vault you can do
it this way:
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.

We are sorry for the inconvenience and thank you for your help.

Best regards,

Zbynek Paulen
AVG Technical Support


Jim Kenzig
Blog: http://www.techblink.com


*****************************
Windows Vista Links, list options 
and info are available at:
http://www.VistaPop.com
*****************************

Other related posts:

• » [VISTA] Alert: If you use AVG Antivirus, User32.DLL may have been removed from your system!

1. Home
2. vista
3. Archive
4. 11-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---