Sign in with
Sign up | Sign in

AVG Asks Users to Delete User32.dll

By - Source: Tom's Hardware | B 15 comments

Earlier this week, users of AVG’s virus scanner accidentally got asked to ‘remove’ user32.dll, a core system file for the Windows operating system – by mistake of course.

AVG mistakenly thought that user32.dll contained one of two Trojan horses – PSW.Banker4.APSA or Generic9TBN. Users were instructed to delete the file. The action of deleting this file caused systems to go into an endless boot loop, leaving users unable to boot into Windows fully.

The solution to the issue was to boot from your retail or OEM supplied operating system disc and either run a repair, or use the recovery console (for the more tech savy). Some users were not so lucky if they didn’t receive an operating system disk, rather they had the emergency restore feature – which in most cases causes the users to lose everything stored on their system after a re-imaging of the hard drive.

AVG anti-virus is one of the most popular protection software suites as there is a free version for home use, and it has been around for a very long time with a rather good reputation. However, this is not the first time AVG has had issues with ‘user32.dll’. Around a year ago, AVG was alerting its users that ‘user32.dll’ (among other core system files) has ‘changed’. Nothing serious by all means, but it definitely alerted some users. Some users even removed it out of fear of infection.

False positives in the anti-virus world are not uncommon, and they happen from time to time with every protection suite available, free or not. Some packages will flag certain files or processes as potentially dangerous, while others will not see anything out of the ordinary.

AVG claims it has fixed the current user32.dll problem and have apologized for the mishap on the AVG User Forums.

Discuss
Display all 15 comments.
This thread is closed for comments
  • -1 Hide
    megamanx00 , November 11, 2008 8:52 PM
    Heh, noobs ^_^
  • 3 Hide
    resonance451 , November 11, 2008 8:56 PM
    Anti-Virus programs screw with you the same way viruses do. Thank god at least this one's free. Norton is by far one of the biggest scams, and everybody seems okay with that.
  • -1 Hide
    zenmaster , November 11, 2008 9:36 PM
    The funniest gaffe I recall from two years ago was a 1-2 bug punch.

    I don't recall the vendor, but one of their updates did two things...

    #1 - Flagged All Office Documents as Infected.
    #2 - Instead of moving any infected documents to the quarentine folder, it just deleted them.

    It was real nasty because it was a Corp Edition type that ran on File Servers.

  • -4 Hide
    customisbetter , November 11, 2008 9:59 PM
    I refuse to use anti virus just for this reason. Programs should not be allowed to delete file WITHOUT the users permission. McCaffee is guilty of this and we have it installed on every machine on campus( i work at a college). People often compain about losing files all the time.

    Watch what you DL and run a spyware/viurs checker once a week. No performance hits and my files stay where i like them.
  • 4 Hide
    resonance451 , November 11, 2008 10:32 PM
    It would be nice if protection at the network level were cheaper. I refuse to load my high-performance machine with tons of monitoring software.
  • 0 Hide
    resonance451 , November 11, 2008 11:12 PM
    Oh, by the way, my grandmother, who lives in eastern Europe, has AVG on her computer and probably won't know how to deal with the recovery console if AVG screwed her computer up. Thanks AVG.
  • 0 Hide
    Tindytim , November 11, 2008 11:28 PM
    customisbetterI refuse to use anti virus just for this reason. Programs should not be allowed to delete file WITHOUT the users permission. McCaffee is guilty of this and we have it installed on every machine on campus( i work at a college). People often compain about losing files all the time.Watch what you DL and run a spyware/viurs checker once a week. No performance hits and my files stay where i like them.

    Yeah, because viruses can't hide in cookies or Internet cache.
  • 0 Hide
    seatrotter , November 11, 2008 11:58 PM
    customisbetter...Watch what you DL and run a spyware/viurs checker once a week...


    Yeah, visit only legit sites! No w@rez! No pr0n!

    ...wait...

    Riiiight... anyone heard of SQL injection? XSS? hacked websites? There are no longer "safe" websites (well, not exactly, but you get the drift).

    ...but...

    I run as non-admin, so no worries! My system won't get infected!

    ...wait...

    Riiight... your system might not get compromised, but your files are still accessible! delete them? infect them? "steal"/copy them? No problem! They are within reach of the malware (compromised or drive-by program).

    There goes the outdated "my-security-steps/procedures-so-im-immune-to-infection/compromise", out thru the window.

    Obviously, there are still so much more you can do to mitigate being compromised (as much as I want to give some, my advise-mode seems to be down down today).
  • -1 Hide
    Anonymous , November 12, 2008 3:24 AM
    The solution to all these problems.. education.. you wanna use a computer.. learn how to use it.. and i'm not talking about learn what a double click is and "this is a white box.. you type here..".. This is just like a car, sure you know how to turn it on, turn it off and take you wherever you want to go, but you'll get stranded in the middle of nowhere if you don't check your engine, oil levels, tire pressure, brake system.

    Seriously, we need mega-licenses so people can operate computers. The reason we have licenses to drive cars (other than giving big brother the opportunity to watch (over) us.) is so you dont endanger yourself and others using the machine. So should be with computer usage.

    Maybe required core classes at school and university level.
  • -3 Hide
    dariushro , November 12, 2008 5:09 AM
    TindytimYeah, because viruses can't hide in cookies or Internet cache.


    You must be kidding, right? cookies are just text files...
  • 0 Hide
    partz , November 12, 2008 10:13 AM
    Bitdefender is the best security software i ever had, I never encountered such a problem with it.
  • 0 Hide
    tolique , November 12, 2008 10:25 AM
    partzBitdefender is the best security software i ever had, I never encountered such a problem with it.

    partz is right about bitdefender. I have been using it for 3 years now and never had these problems with false-positive detections. On my wife's laptop I have the free edition although is just an on-demand scanner I just never had problems with viruses. The scan is scheduled daily and works great.
    For my desktop computer I bought instead an internet security solution for further protection.
  • -1 Hide
    asdasd123123 , December 8, 2008 11:02 AM
    mcafee and norton is more difficult to erase than most viruses I ever encountered.

    I usually need to remove either of them because they failed to protect the user, and is now broken... Sigh
  • 0 Hide
    misry , April 20, 2010 3:19 PM
    Cookies are not executable, by definition, they can't be a virus. Get the Norton Removal Tool to get rid of Norton. Wipe and reload if it's got McAfee.
  • 0 Hide
    Anonymous , March 26, 2011 8:32 PM
    McAfee, and the free version of Avast! Anti-virus work very well, McAfee protected my computer from the Sasser worm, while Avast! blocked every attempt of Trojans trying to get into my computer.