Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Wednesday, 12 November 2008 11:20

AVG 8 and the case of the deleterious DLL deletion

Grisoft’s AVG 8 free and paid edition anti-virus software had an update on the weekend that caused some Windows XP machines to delete a vital file and stop XP from booting – locking users out of their computers! The problem’s now fixed and a repair is available, but it’s the one “oops” you never want your anti-virus software to make!

AVG’s normal slogan is “tough on threats, easy on you” but last weekend saw a threat window open up from an unexpected source: AVG itself.

This temporarily made AVG tough on threats, and tough on you, too, especially if you needed to fix the problem manually, but the problem has at least now been fixed and AVG no longer poses a threat.

AVG’s update at the time mistakenly identified the crucial user32.dll file as a banking Trojan (PSW.Banker4.APSA or Generic9TBN), and alerted some AVG users on XP systems that the file was a threat and could be “healed or quarantined” when AVG performed its optional daily scan.

Those who chose either action found themselves with machines which crashed and then would not reboot properly, as noted in AVG’s free forum, with the user posting there explaining his own fix and recommending users switch to a different anti-virus program.

Forum moderators quickly responded with answers and pointed to two support documents from AVG, one which helped users fix the problem and another which offered a “restore tool”, along with instructions on how to create a boot CD or bootable flash drive, then the steps needed to get AVG up and running again.

AVG have also advised contacting the local AVG distributor or representative (where present) if additional assistance is needed.

Although some reports claim that only the Dutch, French, Italian, Portuguese, and Spanish language versions of Windows XP are affected, the initial responders spoke as though English was their first language, and a check of AVG support sites in other languages shows they all list the user32.dll problem and solutions.

As you can see by looking at the fixes, they are a little laborious to go through, and could confuse non-technical types, who will likely need the help of a friend, as well as access to their computer and Internet connection, as AVG suggests, if the user’s computer can no longer be booted.


Not every AVG user was affected, however – many users turn off AVG’s daily scan altogether to avoid taxing the hard drive with a complete scan on a daily or less frequent basis, preferring to rely on AVG’s real-time scanner instead.

Those whose scan is less frequent and who weren’t affected would by now have received an updated anti-virus definitions file which rectified the problem, while those who got the warning but decided not to heed it during a full scan weren’t affected either and should now be updated to a “safe” AVG version.

The problem affected AVG 8.0 free and paid editions, and Vista users appear to have come through unscathed, although at least one report comes from a Vista user who says they experienced the same problem, too.

There can be no doubt that AVG has now urgently instigated some kind of additional checks or testing policies to ensure that such an embarrassing episode cannot easily happen again, and it’s a wakeup call to all anti-virus providers to ensure nothing like that ever happens with their security solutions.

AVG has 80 million users worldwide, so the potential for widespread harm, cost and inconvenience is great, but the same risk applies to any company with a large user base and an update that has gone “rogue”.

AVG’s fix is reminiscent of the kind of fix you’d need to do if your computer was infected by a virus, so the whole episode is very ironic and unfortunate, but now that it’s fixed and testing standards improved AVG should be back to normal.

There’s no doubt that some users will threaten, in forums and article responses, to switch to an alternative free or commercial security package.

Still, with mistakes normally giving a lesson to those who make them, a repeat user32.dll performance is very unlikely.

AVG should quickly regain the confidence of its users, many of whom have been completely unaffected and are only reading about the deleterious DLL deletion that has passed them by, and if users see a warning of a file that is marked as a threat which seems unusual, a quick look into Google before pressing “heal”, “quarantine” or “delete”, could be a good idea!

On a slightly separate note, multiple layers of protection when it comes to banking are a good idea if you're a Windows user, with the paid TrustDefender software the prime example. TrustDefender isn't anti-virus, so it wouldn't have prevented AVG from deleting the wrong file, but as banking security software for consumers and businesses it would have protected users from banking Trojans that weren't detected by AVG or other anti-virus programs, no matter whether the Trojan/malware is known or unknown.

How it does that is a story in itself, but running multiple layers of security that work independently of each other is safe and possible, something that is becoming ever more important in a world where banking malware and Trojans are stealing users' passwords, data and funds. If you're interested, visit TrustDefender's site for more information.



Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor and one of Australia’s best-known technology journalists and consumer tech experts. Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks, on all the major news and current affairs programs, on commercial and public radio, and on technology, lifestyle and reality TV shows.
