AVG signature update cripples Windows machines

AVG, one of the leading suppliers of anti-virus software, released an update yesterday that caused more harm then good the outcry started. The signature update, dated November 9, allowed the program to think that user32.dll was actually a trojan and advised you to delete it but it doesn't stop there, if you do delete it and you restart your computer it will put your computer on a continuous reboot loop.

Both AVG 7.5 and 8.0 were affected by this signature update problem and at the time of writing this article XP seemed the most affected operating system, if you have had the reboot problem and want to know how you can get around it Security and the Net Blog posted this to help the users "People that have removed the user32.dll can either boot from their original Windows CD and choose the repair option, or use another CD to boot from and restore the file from C:\Windows\System32\dllcache".

AVG has responded to these problems on their forum thanking the users for their patience and help in this matter, "Unfortunately, the previous virus database might have detected the mentioned virus on legitimate files. We can confirm that it was a false alarm. We have immediately released a new virus update (270.9.0/1778) that removes the false positive detection on this file. Please update your AVG and check your files again".

Report a problem with article
Previous Story

AT&T giving away Guitar Hero World Tour to new customers

Next Story

MSN and MoneyTrack team to protect our military from fraud

47 Comments

Commenting is disabled on this article.

I've liked AVG as the popular free option. I've since used Avast because it was lighter. Glad this didn't happen to me!

Doesnt matter. I am staying with AVG. It is among the lightest and easily customizable AVs. Btw seriously with Vista, does anyone need an AV?

UAC kicked in on vista for one of my friends and i was like whoa O.O. anyways, glad i switched to kaspersky when avg 8 came out ^.^

I had the exact same problem with Trend Micro System Cleaner (SysClean) Packages last week. It removed the user32.dll file in safe mode after detecting a virus. I had to then run around to find my Windows rescue disk to restore the file

It looks like I have a few computers to put Avast! on. Just about 4 or 5 months ago my cousin's computer went dead (Vista32) and, being very impatient (not calling me), he sent the computer in for repair. Emachines told him it was the antivirus that did it (of course that has nothing to do with this particular bad update). I assumed emachines didn't know what they were talking about but I guess they may have been right. I've just lost all trust in this program.

gor said,
The best free Antivirus program at this point is Rising Antivirus Free...

No it's not, it's Avira!!

AVG has been a total POS for a long time. ONLY thing it has going for it is it's free. But, you're getting exactly what you pay for it with this crap now a days.

every AV vendor ****s up at any point in time with definition updates and false positives, several years ago it was McAfee which killed NT4 machines, more recently Symantec, now AVG

who's next?

Glad the AntiVirus messed up the other day and caused me to uninstall it. Saved me a lot more problems than just the slow speed it was giving my computer.

Ouch, that's just plain stupid. Don't they do any tests on updates!? AVG really has slid downhill recently. Will have to reconsider whether I continue to use it or not.

I have never felt comfortable paying for an anti-virus though... it's a bit like arms manufacturers. You are paying them to make a product, that if effective, puts them out of business. So in order to stay in business, they would have to ensure they either don't do too good of a job, or generate their own business via not so legitimate methods.

I think I'm going to convert everyone over to avast. I was installing Avast until Version 8.0 of AVG came out. I was impressed with the UI and performance. But after this cluster **** of a problem I'm going back to Avast. I"m surprised I haven't got any calls about this problem yet.

Well you get what you pay for. Nod32 is the hands down winner, I can't remember it giving false positives like this ever!

Raa said,
Well you get what you pay for. Nod32 is the hands down winner, I can't remember it giving false positives like this ever!

It's given false positives in the past. Not many, but it has.

What I don't understand is why windows doesn't preform some kind of system file checker on boot or at lease the most basic one. Instead of crashing when it can't find user32.dll why not just see its missing and pull it out of dllcach and put it back where its spose to be and automatically restart the system.

warwagon said,
What I don't understand is why windows doesn't preform some kind of system file checker on boot or at lease the most basic one. Instead of crashing when it can't find user32.dll why not just see its missing and pull it out of dllcach and put it back where its spose to be and automatically restart the system.

I always thought the same thing.

There's a fix tool on their site now - it's a little Linux-based bootable image for CD or USB drives that restores the USER32.DLL and disables the realtime scanner for version 8. I don't think it disables the scanner for 7.5 yet, but you should be able to run the update and restore the file from the vault.

There's also a beta program starting up again this week for version 8 SP2; we'll see how that goes, and what improvements may entail.

random_n said,
There's a fix tool on their site now - it's a little Linux-based bootable image for CD or USB drives that restores the USER32.DLL and disables the realtime scanner for version 8. I don't think it disables the scanner for 7.5 yet, but you should be able to run the update and restore the file from the vault.

Perfect for the non-tech-savvy user!

I'm lucky I just replaced AVG with Avast on my bro's PC then. His PC was problematic to begin with, and this would have just put icing on the cake.

Really sucks for non-computer savy people who now have a dead computer. They probably don't even realize that AVG caused the crash.

My siter had this installed, she's now using Kaspersky IS 2009 so everything sorted, bye bye AVG. You've lost at least one customer.

I just added a folder called "Core system files" on my thumbtack, Which includes a version of User32.dll for Both Vista and XP each in their own OS subfolder.

I can't seem to find any information on this virus. Generic9.TBN
Could it be a test signature that just got let out by mistake?
Tut tut school boy error, blame it on the new guy!
:)

This comes just a week after there last broken update that left lots of system unable to update or access web pages due to a bad update of there webshield/linkscanner, and another issue that left it stuck in a continual update, reboot, update cycle.

lars77 said,
Hopefully they're not using AVG Free edition..it's for home use only :P

Perhaps he works somewhere that fixes people's computers

You would think they would have a controlled setup with test machines containing up to date clean installs of Windows xp and Vista that are scanned with the latest virus def file before it is pushed out to millions. if that was done these problems would not happen.

AVG really has slid down hill in the last few years, at one time it was considered one of the best options after AVG 8 they killed that idea.

thealexweb said,
AVG really has slid down hill in the last few years, at one time it was considered one of the best options after AVG 8 they killed that idea.

Agreed. I refuse to use AVG8 as it bogs down your PC. I use NOD32 now, and I'm not going back.

How is some basic user going to know that it was this update that caused the problem? As far as they know thier PC was broke by a virus and will pay someone to come and fix it.