I've encouraged the use of AVG antirus in the past but I guess no antivirus program is perfect. I guess that yesterdays update falsely marked a critical Microsoft file user32.dll as a virus and deleted it which caused may systems to crash AVG gives instructions on it's site how to recover the file.
http://freeforum.avg.com/read.php?7,155461#msg-155501
Here is some text from the thread:
Many PC's crashed after todays's update of AVG. The update destines user32.dll as a virus: PSW. banker4.APSA.
Valid for Win XP SP2 and SP3 with AVG7.5 and AVG 8.
This is not a virus, but an essential part of your windows programme.
prevention:
before you start up your PC, unplug the internet cable. Boot your PC and disable in your firewall the access to internet for the AVG update manager. Reconnect the internet cable. In this way your PC stays safe from the maliceous AVG update.
solution:
if you happen to believe the AVG programme (like I did) when it shows you the virus alert, and have choosen "heal"or quarantine""your PC will no longer restart. It shows a blue screen at start up and tells you it cannot find winsvr, error c0000135. System recovery has no effect. Don't panic (like I did) but:
-restart your PC in safe mode (press F8 during windows start up)
-open the AVG control centre by clicking the logo or via start-programs-AVG
-go to the virus vault, select user32.dll and click restore.
-empty the virus vault
-close AVG
-now unistall the whole AVG program: start-programs-AVG-uninstall
-reboot the PC and it is fine.
Wait with installing a new version of AVG until they releas a good version. In the mean time, use a different virus scanner.
The faulty AVG update was released 8 nov around 2200 GMT apparently, looking at various fora. It impacted many PC's around the world in the mean time. This is actually worse than a virus itself.
It also effects the paid-for Pro versions, so wondering what will happen on Monday morning in many businesses.....
As I just spent many hours tackling this issue and found help in many internet fora, I thought it would be apprpriate to post a solution here. For those that experience the same issue, I hope you will find it usefull.
With best regards,
Richard.
and from AVG Support
Richard, Email confirmation reply from AVG Technologies Support....
thank you for your email.
Unfortunately, the previous virus database might have detected the
mentioned virus on legitimate files. We can confirm that it was a
false alarm. We have immediately released a new virus update
(270.9.0/1778) that removes the false positive detection on this file.
Please update your AVG and check your files again.
The system can be restored by following the steps in one of the
comments on forum (using safe mode or recovery console and copying
c:\windows\system32\dllcache\user32.dll into the right location)
If you need to restore deleted files from AVG Virus Vault you can do
it this way:
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.
We are sorry for the inconvenience and thank you for your help.
Best regards,
Zbynek Paulen
AVG Technical Support
Jim Kenzig
Blog: http://www.techblink.com
Tuesday, November 11, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment