Tuesday, November 11, 2008

Users of Grisoft's free AVG: don't delete that file until you check this . . .

http://securityandthe.net/2008/11/10/avg-virus-scanner-removes-critical-windows-file/

Quote:

An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll (netdef: a critical system file for Windows) contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.

Both AVG 7.5 and AVG 8.0 were affected by the update; a revised signature database has just been published that corrects this issue. People that have removed the user32.dll can either boot from their original Windows CD and choose the repair option, or use another CD to boot from and restore the file from C:\Windows\System32\dllcache.