Help
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Page 1 of 1
Bad AVG Update Reported
#1
- Computer Masochist
-
- Group: Staff Emeritus
- Posts: 27,809
- Joined: 27-January 07
- Location:Cleveland, Ohio
Posted 11 November 2008 - 01:45 PM
Mark
why won't my laptop work?
Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
why won't my laptop work?
Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
Back to top
#2
- a forum member
-
- Group: Members
- Posts: 2,375
- Joined: 27-August 07
Posted 11 November 2008 - 03:04 PM
garmanma, on Nov 11 2008, 06:45 PM, said:
I presume this relates to the Antivirus AVG 8.0?
if so does not bode well for the AVG reputation especially as they are asking AVG users to 'convert' to the 8.0 version
#3
- Forum Addict
-
- Group: Banned
- Posts: 2,154
- Joined: 27-April 08
- Gender:Male
Posted 12 November 2008 - 02:42 PM
garmanma, on Nov 11 2008, 10:45 AM, said:
ruby1, on Nov 11 2008, 12:04 PM, said:
garmanma, on Nov 11 2008, 06:45 PM, said:
I presume this relates to the Antivirus AVG 8.0?
if so does not bode well for the AVG reputation especially as they are asking AVG users to 'convert' to the 8.0 version
November 11, 2008 (Computerworld) A flawed signature update to AVG Technologies' antivirus software over the weekend crippled some Windows XP PCs by mistakenly deleting a critical system file, the company has confirmed.
According to AVG, an update released late Saturday fingered the "user32.dll" file as a Trojan horse. As per the program's settings, the AVG software, shut the .dll away in quarantine, then deleted it. "A number of users who installed the update mistakenly received a warning that the Windows system file user32.dll product Version 5.1.2600.3099 was infected with a Trojan virus and were prompted to delete a file essential to the operation of Windows XP,"
Users of the newest AVG Antivirus 8.0 and its predecessor, AVG Antivirus 7.5, were affected. The AVG spokeswoman claimed that only users running Dutch, French, Italian, Portuguese and Spanish language versions of Windows XP were affected. Computerworld was unable to confirm that, however.
"If you have chosen 'heal' or 'quarantine,' your PC will no longer restart," said a panicked user named "pa3bar" in a message Sunday. "It shows a blue screen at start-up and tells you it cannot find winsvr, error c0000135. System recovery has no effect."
On its support site, AVG posted instructions that involved running Windows XP's Recovery Console, disabling several AVG services and restoring the user32.dll file by copying it from the operating system's install CD. For users unable to locate their installation disc, AVG offered a utility that fixed the problem; those users also needed to create a bootable CD or USB drive.
The utility work-around was for AVG Antivirus 8.0 only; a similar utility for AVG Antivirus 7.5 will be available "soon," according to a message posted by a support forum moderator today.
AVG released a follow-up signature update to correct the problem, but that solution only worked if the user had not turned off his PC, or rebooted it, after installing the buggy update and then deleting user32.dll.
"Affected users unable to use their PCs should contact their AVG reseller or ask a friend to download the information and fix the tool for them," the spokeswoman suggested. "AVG sincerely regrets the inconvenience users have experienced. We are working to remedy the problem and ensure that any other potential vulnerabilities are identified and eliminated before they can impact users," she continued.
Although AVG posted work-arounds on its support site, it did not publicize the problem on the front page of its Web site.
This wasn't the first time that AVG has been in the limelight. Last summer, the LinkScanner Search-Shield component of its antivirus software triggered a flood of bogus traffic to Web sites, angering site operators.
Nor is AVG the only security vendor to issue a damaging update. Only last September, a Trend Micro signature mistook several critical Windows XP and Vista system files for malware, blocking the PCs from booting.
#4
- Forum Addict
-
- Group: Banned
- Posts: 2,154
- Joined: 27-April 08
- Gender:Male
Posted 12 November 2008 - 02:47 PM
Gabisonfire, on Nov 10 2008, 08:43 AM, said:
If you are an AVG user, you probably ended up today with a user32.dll failure or a constantly rebooting xp.
This problem is due to a false positive result.
Actually AVG's new update detected USER32.dll as a Trojan.Horse.
To fix you must:
1. Boot in safe mode and go into the quarantine folder to restore USER32.dll to its original place.
2. If that doesn't work, you'll have to plus your hdd in another computer and copy the user32.dll from the c:/windows/$uninstallKB925902$
to the c:/windows/system32.
AVG already solved this issue but you have to update your database to current before scanning.
Cheers!
This problem is due to a false positive result.
Actually AVG's new update detected USER32.dll as a Trojan.Horse.
To fix you must:
1. Boot in safe mode and go into the quarantine folder to restore USER32.dll to its original place.
2. If that doesn't work, you'll have to plus your hdd in another computer and copy the user32.dll from the c:/windows/$uninstallKB925902$
to the c:/windows/system32.
AVG already solved this issue but you have to update your database to current before scanning.
Cheers!
#5
- a forum member
-
- Group: Members
- Posts: 2,375
- Joined: 27-August 07
Posted 12 November 2008 - 02:53 PM
Net_Surfer, on Nov 12 2008, 07:42 PM, said:
garmanma, on Nov 11 2008, 10:45 AM, said:
ruby1, on Nov 11 2008, 12:04 PM, said:
garmanma, on Nov 11 2008, 06:45 PM, said:
I presume this relates to the Antivirus AVG 8.0?
if so does not bode well for the AVG reputation especially as they are asking AVG users to 'convert' to the 8.0 version
November 11, 2008 (Computerworld) A flawed signature update to AVG Technologies' antivirus software over the weekend crippled some Windows XP PCs by mistakenly deleting a critical system file, the company has confirmed.
According to AVG, an update released late Saturday fingered the "user32.dll" file as a Trojan horse. As per the program's settings, the AVG software, shut the .dll away in quarantine, then deleted it. "A number of users who installed the update mistakenly received a warning that the Windows system file user32.dll product Version 5.1.2600.3099 was infected with a Trojan virus and were prompted to delete a file essential to the operation of Windows XP,"
Users of the newest AVG Antivirus 8.0 and its predecessor, AVG Antivirus 7.5, were affected. The AVG spokeswoman claimed that only users running Dutch, French, Italian, Portuguese and Spanish language versions of Windows XP were affected. Computerworld was unable to confirm that, however.
"If you have chosen 'heal' or 'quarantine,' your PC will no longer restart," said a panicked user named "pa3bar" in a message Sunday. "It shows a blue screen at start-up and tells you it cannot find winsvr, error c0000135. System recovery has no effect."
On its support site, AVG posted instructions that involved running Windows XP's Recovery Console, disabling several AVG services and restoring the user32.dll file by copying it from the operating system's install CD. For users unable to locate their installation disc, AVG offered a utility that fixed the problem; those users also needed to create a bootable CD or USB drive.
The utility work-around was for AVG Antivirus 8.0 only; a similar utility for AVG Antivirus 7.5 will be available "soon," according to a message posted by a support forum moderator today.
AVG released a follow-up signature update to correct the problem, but that solution only worked if the user had not turned off his PC, or rebooted it, after installing the buggy update and then deleting user32.dll.
"Affected users unable to use their PCs should contact their AVG reseller or ask a friend to download the information and fix the tool for them," the spokeswoman suggested. "AVG sincerely regrets the inconvenience users have experienced. We are working to remedy the problem and ensure that any other potential vulnerabilities are identified and eliminated before they can impact users," she continued.
Although AVG posted work-arounds on its support site, it did not publicize the problem on the front page of its Web site.
This wasn't the first time that AVG has been in the limelight. Last summer, the LinkScanner Search-Shield component of its antivirus software triggered a flood of bogus traffic to Web sites, angering site operators.
Nor is AVG the only security vendor to issue a damaging update. Only last September, a Trend Micro signature mistook several critical Windows XP and Vista system files for malware, blocking the PCs from booting.
yea; right I have just updated ,so if I reboot and /or run a scan...goodby world
#6
- Forum Addict
-
- Group: Banned
- Posts: 2,154
- Joined: 27-April 08
- Gender:Male
Posted 12 November 2008 - 03:07 PM
Hey Ruby1
check my post #4
I think we crossed posts.
AVG already solved this issue but you have to update your database to current before scanning.
check my post #4
I think we crossed posts.
AVG already solved this issue but you have to update your database to current before scanning.
#7
- Forum Addict
-
- Group: Banned
- Posts: 2,154
- Joined: 27-April 08
- Gender:Male
Posted 13 November 2008 - 01:27 AM
REF: Filed Under by: Ramesh Srinivasan
Many of our readers wrote telling that AVG AntiVirus Update 270.9.0/1777 caused serious problems with their Windows XP systems, deleting the User32.dll (false-positive issue) which prevented Windows XP from starting. AVG has documented this problem in their support pages immediately, and also released a definition update which does not has this problem.
They’ve also released a fix-it tool that can restore the quarantined User32.dll in the affected computers. If the file User32.dll is not available in the quarantined location (AVG Vault), then this tool gets a copy of the file from DllCache folder and places it in the System32 folder. This utility can be used if you don’t have a Windows XP CD and if the Windows XP Recovery Console is not installed in the system.
After restoring the User32.dll file, the tool disables AVG Resident Shield monitoring by renaming the corresponding executable files so that the problem does not surface again upon next boot. The user is supposed to update AVG virus definitions, rename the modules back and then restart the computer.
REF: AVG FAQ 1575: False positive "user32.dll" - fix tool.
AVG have prepared an utility which can fix the issue mentioned above. You can use the following boot media: either CD-ROM or USB flash drive. If you decide to use CD-ROM, please follow the instructions below:
Instructions to create the boot CD and use it in your systems to restore the user32.dll file.
Here is a detailed write-up:
Creating and Using the Bootable CD
From another computer running Windows XP/Vista/2003, perform the following steps to create the AVG User32.dll Fix - Boot CD.
1. Download bootcd_en.iso (~9 MB) from AVG Website
2. Download ISO Recorder PowerToy and install it.
3. Right-click bootcd_en.iso file and choose Copy image to CD
4. Follow the instructions and create a bootable CD.
5. Insert the CD into the CD-ROM drive of the affected computer and restart the computer. If it does not boot up from the CD, you may have to set the boot order (CD drive as the first boot device) in the BIOS setup.
6. Press ENTER you will see a screen:
That the tool tries to restore the quarantined file (user32.dll) from the AVG Vault folder. If it’s missing, then the DllCache folder is used as the source.
Update AVG and Re-activate the Resident Shield
Remove the boot CD and restart the computer. You should be able to start Windows XP now, with the Resident Shield disabled. The Update feature works fine though.
Right-click on the AVG icon in the Notification area and choose Update now. Follow the instructions and install the update.
Open the "C:\Program Files\AVG\AVG8" folder using Windows Explorer. Rename: avgrsx.exe_off to avgrsx.exe & avgsched.dll_off to avgsched.dll.
Restart Windows so that the AVG Resident Shield starts working.
For: USB flash drive instructions go to: AVG Support webpage.
Many of our readers wrote telling that AVG AntiVirus Update 270.9.0/1777 caused serious problems with their Windows XP systems, deleting the User32.dll (false-positive issue) which prevented Windows XP from starting. AVG has documented this problem in their support pages immediately, and also released a definition update which does not has this problem.
They’ve also released a fix-it tool that can restore the quarantined User32.dll in the affected computers. If the file User32.dll is not available in the quarantined location (AVG Vault), then this tool gets a copy of the file from DllCache folder and places it in the System32 folder. This utility can be used if you don’t have a Windows XP CD and if the Windows XP Recovery Console is not installed in the system.
After restoring the User32.dll file, the tool disables AVG Resident Shield monitoring by renaming the corresponding executable files so that the problem does not surface again upon next boot. The user is supposed to update AVG virus definitions, rename the modules back and then restart the computer.
REF: AVG FAQ 1575: False positive "user32.dll" - fix tool.
AVG have prepared an utility which can fix the issue mentioned above. You can use the following boot media: either CD-ROM or USB flash drive. If you decide to use CD-ROM, please follow the instructions below:
Instructions to create the boot CD and use it in your systems to restore the user32.dll file.
Here is a detailed write-up:
Creating and Using the Bootable CD
From another computer running Windows XP/Vista/2003, perform the following steps to create the AVG User32.dll Fix - Boot CD.
1. Download bootcd_en.iso (~9 MB) from AVG Website
2. Download ISO Recorder PowerToy and install it.
3. Right-click bootcd_en.iso file and choose Copy image to CD
4. Follow the instructions and create a bootable CD.
5. Insert the CD into the CD-ROM drive of the affected computer and restart the computer. If it does not boot up from the CD, you may have to set the boot order (CD drive as the first boot device) in the BIOS setup.
6. Press ENTER you will see a screen:
That the tool tries to restore the quarantined file (user32.dll) from the AVG Vault folder. If it’s missing, then the DllCache folder is used as the source.
Update AVG and Re-activate the Resident Shield
Remove the boot CD and restart the computer. You should be able to start Windows XP now, with the Resident Shield disabled. The Update feature works fine though.
Right-click on the AVG icon in the Notification area and choose Update now. Follow the instructions and install the update.
Open the "C:\Program Files\AVG\AVG8" folder using Windows Explorer. Rename: avgrsx.exe_off to avgrsx.exe & avgsched.dll_off to avgsched.dll.
Restart Windows so that the AVG Resident Shield starts working.
For: USB flash drive instructions go to: AVG Support webpage.
#8
- Bleepin' Janitor
-
- Group: Global Moderator
- Posts: 25,111
- Joined: 09-July 05
- Location:Virginia, USA
Posted 13 November 2008 - 03:45 PM
Quote
After trashing many Windows XP machines with a false positive on a system file called user32.dll, AVG finally seems to be getting a clue about how to handle a disaster.
AVG now has four related security bulletins:
1574 explains how to fix AVG 8.0 with a Windows XP installation CD
1575 explains how to fix AVG 8.0 without a Windows XP installation CD
1579 explains how to fix AVG 7.5 with a Windows XP installation CD
1580 explains how to fix AVG 7.5 without a Windows XP installation CD
To see the bulletin that applies to you, go to the AVG FAQ site and type in the appropriate number.
AVG now has four related security bulletins:
1574 explains how to fix AVG 8.0 with a Windows XP installation CD
1575 explains how to fix AVG 8.0 without a Windows XP installation CD
1579 explains how to fix AVG 7.5 with a Windows XP installation CD
1580 explains how to fix AVG 7.5 without a Windows XP installation CD
To see the bulletin that applies to you, go to the AVG FAQ site and type in the appropriate number.
http://www.askwoody.com/newscomments.php?newsid=2231
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
#9
- Who is running the store?
-
- Group: Members
- Posts: 2,521
- Joined: 26-November 05
- Gender:Male
- Location:Tampa Bay Area, Florida, USA
Posted 14 November 2008 - 09:40 AM
Not as severe, but we may have another AVG problem being reported h e r e on BC.
I know you think you understand what you thought I said,
but I'm not sure you realize that what you heard is not what I meant!
#11
- Forum Regular
-
- Group: Members
- Posts: 165
- Joined: 11-September 08
- Gender:Male
- Location:Goodfellow AFB, Texas
Posted 20 November 2008 - 03:02 PM
this is....kinda funny lol
sucks for those affected from this however...
sucks for those affected from this however...
Intel Core2Duo E8400 wolfdale 3.0GHz OC'd to 3.8GHz 38°C/39°C maximum,
---Call 9-1-1 for emergencies.... or just post at Bleeping Computer---
------------Your friendly CVCOG 9-1-1 Network Administrator-----------
Share this topic:
Page 1 of 1