Tuesday, November 11, 2008

[THIN] Re: Alert: If you use AVG Antivirus, User32.DLL may have been removed from your system!

Haven't heard, Jim? Windows is a virus! :)

On Tue, Nov 11, 2008 at 7:32 AM, Jim Kenzig http://thin.ms
<jkenzig@gmail.com> wrote:
> I've encouraged the use of AVG antivirus in the past but I guess no antivirus
> program is perfect. I guess that yesterday's update falsely marked a
> critical Microsoft file user32.dll as a virus and deleted it which caused
> many systems to crash. AVG gives instructions on its site how to recover the
> file.
> http://freeforum.avg.com/read.php?7,155461#msg-155501
>
> Here is some text from the thread:
> Many PCs crashed after today's update of AVG. The update destines
> user32.dll as a virus: PSW. banker4.APSA.
> Valid for Win XP SP2 and SP3 with AVG7.5 and AVG 8.
> This is not a virus, but an essential part of your windows programme.
>
> prevention:
> before you start up your PC, unplug the internet cable. Boot your PC and
> disable in your firewall the access to internet for the AVG update manager.
> Reconnect the internet cable. In this way your PC stays safe from the
> malicious AVG update.
>
> solution:
> if you happen to believe the AVG programme (like I did) when it shows you
> the virus alert, and have chosen "heal" or "quarantine", your PC will no
> longer restart. It shows a blue screen at start up and tells you it cannot
> find winsvr, error c0000135. System recovery has no effect. Don't panic
> (like I did) but:
>
> - restart your PC in safe mode (press F8 during windows start up)
> - open the AVG control centre by clicking the logo or via start-programs-AVG
> - go to the virus vault, select user32.dll and click restore.
> - empty the virus vault
> - close AVG
> - now uninstall the whole AVG program: start-programs-AVG-uninstall
> - reboot the PC and it is fine.
>
> Wait with installing a new version of AVG until they release a good version.
> In the meantime, use a different virus scanner.
>
> The faulty AVG update was released 8 Nov around 2200 GMT apparently, looking
> at various fora. It impacted many PCs around the world in the meantime.
> This is actually worse than a virus itself.
> It also affects the paid-for Pro versions, so wondering what will happen on
> Monday morning in many businesses.....
>
> As I just spent many hours tackling this issue and found help in many
> internet fora, I thought it would be appropriate to post a solution here. For
> those that experience the same issue, I hope you will find it useful.
>
> With best regards,
> Richard.
>
> and from AVG Support
> Richard, Email confirmation reply from AVG Technologies Support....
>
> thank you for your email.
>
> Unfortunately, the previous virus database might have detected the
> mentioned virus on legitimate files. We can confirm that it was a
> false alarm. We have immediately released a new virus update
> (270.9.0/1778) that removes the false positive detection on this file.
> Please update your AVG and check your files again.
>
> The system can be restored by following the steps in one of the
> comments on forum (using safe mode or recovery console and copying
> c:\windows\system32\dllcache\user32.dll into the right location)
>
> If you need to restore deleted files from AVG Virus Vault you can do
> it this way:
> - Open AVG user interface.
> - Choose "Virus Vault" option from the "History" menu.
> - Locate the file that was incorrectly removed and select it (one
> click).
> - Click on the "Restore" button.
>
> We are sorry for the inconvenience and thank you for your help.
>
> Best regards,
>
> Zbynek Paulen
> AVG Technical Support
>
>
> Jim Kenzig
> Blog: http://www.techblink.com
>