This temporarily made AVG tough on threats, and tough on you, too, especially if you needed to fix the problem manually, but the problem has at least now been fixed and AVG no longer poses a threat.
AVG’s update at the time was set to mistakenly identify the crucial user32.dll file as a banking Trojan (PSW.Banker4.APSA or Generic9TBN), and alerted some AVG users on XP systems that the file was a threat and could be “healed or quarantined” when AVG performed its optional daily scan.
Those who chose either action found themselves with machines which crashed and then would not reboot properly, as noted in AVG’s free forum, with the user posting there explaining his own fix and recommending users switch to a different anti-virus program.
Forum moderators quickly responded with answers and pointed to two support documents from AVG, one which helped users fix the problem and another which offered a “restore tool”, along with instructions on how to create a boot CD or bootable flash drive, then the steps needed to get AVG up and running again.
AVG has also advised contacting the local AVG distributor or representative (where present) if additional assistance is needed.
Some reports claim that only the Dutch, French, Italian, Portuguese, and Spanish language versions of Windows XP are affected, yet the initial responders spoke as though English was their first language, and a check of AVG support sites in other languages shows they all list the user32.dll problem and solutions.
As you can see by looking at the fixes, they are a little laborious to go through, and could confuse non-technical types, who will likely need the help of a friend – as well as access to their computer and Internet connection, as AVG suggests, if the user’s computer can no longer be booted.
Not every AVG user was affected, however – many users turn off AVG’s daily scan altogether to avoid taxing the hard drive with a complete scan on a daily or less frequent basis, preferring to rely on AVG’s real-time scanner instead.
The problem affected AVG 8.0 free and paid editions. Vista users appear to have come through unscathed, although at least one report comes from a Vista user who says they experienced the same problem, too.
There can be no doubt that AVG has now urgently instigated some kind of additional checks or testing policies to ensure that such an embarrassing episode cannot easily happen again, and it’s a wake-up call to all anti-virus providers to ensure nothing like that ever happens with their security solutions.
AVG has 80 million users worldwide, so the potential for widespread harm, cost and inconvenience is great, but the same risk applies to any company with a large user base and an update that has gone “rogue”.
AVG’s fix is reminiscent of the kind of fix you’d need to do if your computer was infected by a virus, so the whole episode is very ironic and unfortunate, but now that it’s fixed and testing standards improved, AVG should be back to normal.
There’s no doubt that some users will threaten, in forums and article responses, to switch to an alternative free or commercial security package.
Still, with mistakes normally giving a lesson to those who make them, a repeat user32.dll performance is very unlikely.
AVG should quickly regain the confidence of its users, many of whom have been completely unaffected and are only reading about the deleterious DLL deletion that has passed them by. And if users see a warning about a file marked as a threat that seems unusual, a quick look into Google before pressing “heal”, “quarantine” or “delete” could be a good idea!
On a slightly separate note, multiple layers of protection when it comes to banking are a good idea if you're a Windows user - with the paid TrustDefender software the prime example. TrustDefender isn't anti-virus, so it wouldn't have prevented AVG from deleting the wrong file, but as banking security software for consumers and businesses it would have protected users from banking Trojans that weren't detected by AVG or other anti-virus programs, no matter whether the Trojan/malware is known or unknown.
How it does that is a story in itself, but we are in an age where multiple layers of security working independently of each other are safe and possible, something that is becoming ever more important in a world where banking malware and Trojans are stealing users' passwords, data and funds. If you're interested, visit TrustDefender's site for more information.