Slashdot Mirror
AVG Virus Scanner Removes Critical Windows File
secmartin writes "The popular virus scanner AVG released an update yesterday that caused their software to mark user32.dll as a virus. Since this is a rather critical file, AVG's suggestion to remove it caused problems for users around the world who are now advised to restore the file through the Windows Recovery Console. AVG just posted an update about this (FAQ item 1574) in the support section of their site. Their forums are full of complaints."
Just doing it's job!
It seems like AVG has gone massively downhill lately.
you get what you pay for?
So, those of us who have paid for (what used to be called) the SoHo version, or any of the other versions should just grin and bare it? I dont think so. I'm pissed. It's not all freeware
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
This is actually a patch that they tried to roll out to fix Ubuntu bug #1, a great stride forward too.
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
Should have gone for the gold, marked Explorer.exe and iExplore...
It'd be nice to think that that was true, but based on the number of totally f'ed up McAfee and Norton situations I've seen, it's not even close to safe to conclude that for-pay anti-virus products are reliably more trouble-free than ones that don't cost money for home use.
Damn. This is what I was hoping would never happen to AVG. After reading all the times that McAfee, Norton, and others had removed Office documents, Windows DLLs, and Office DLLs, I always had a smug chuckle available.
But now. Ah, well. Four years, 300 workstations, a dozen or more managed installations and still not a single infection or major problem for me using AVG.
Actually the free versions always get their updates later than the paid for versions, so it's the paying customers who were affected the most by this.
"Do not recommend Linux for it's "not there yet." I will give KDE a few more years."
It would appear that certain free AV software is also "not there yet". :)
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
That's going to be fun for the millions of PC users who did not get a Windows CD with their PC and did not bother to burn a re-install CD.
The real "Libtards" are the Libertarians!
That's Why I moved to Linux....oh wait...nevermind.
I Need someone to rebuild a Digitech Digital Delay pedal for me....for me...for me...for me.
I've been using AVG at customers sites since version 6.. It has, over the years, deleted entire outlook pst's, repeatedly uninstalled VNC servers and radmin, and generally been grumpy for the slightest reason.
I am a sucker for punishment, because I still keep using it. It's just as good as the rest, it's half the price, and noticably faster than all the others I've tried.
I think that, however, the entire concept of antivirus is going to have to fail, and we'll need a whitelist, rather than a blacklist.
There has been quite a bit of discussion about this over the years, and it's going to come true.
Oh. And as an added bonus, Slashdot is screwing up my display. When I load the page, I get the comments page, and then it clears and I get a spammy IBM flash ad of some sort. Serves me right for not installing ABP after a reinstall.
--Rob
Schlock Mercenary.
If you haven't been hit yet, then you probably won't be either; your AVG quite likely already has the fixed definitions file.
If you -are- hit... guess what? it pops up a warning that it believes it found some sort of trojan in user32.dll . Laymen might just tell it to remove the thing, but I do hope -you- would know better and tell it to stfu and ignore, then fetch the latest update (it will warn you a few more times if you've got the resident shield runnning, as user32.dll gets accessed a lot).
If you -are- hit and it has already removed it... quickly restore it, carry on.
If you are hit, it has removed it, and your machine has already crashed... reboot to a command prompt (safe mode MAY work, but it didn't when I fixed a machine on sunday), restore user32.dll from a cache / restore point. If you can't get it from a cache, get it from the installation CD (if you have one), but keep in mind that it will be missing updates and windows update might not realize that (as everything else on the system tells it hotfixes N-M have been installed - maybe MS will make the update check the MD5 or something of user32.dll, after this problem, just in case).
This was extremely stupid on the end of AVG, but then I'm still baffled why such files can be removed at all; same with ntldr. If you accidentally wipe your root dir, you're all kinds of f'ed.
Careful what you bare, you saw how quick it cut off that dll file :D
McAfee had a similar issue:
http://it.slashdot.org/it/06/03/13/1322215.shtml
I'd like to share a revelation that I've had during my time here. It came to me when I tried to classify your operating systems and I realized that you're not actually cross platform. Every OS on this planet instinctively develops a natural equilibrium with the surrounding community but you Windows users do not. You move to a hardware manufacturer and you multiply and multiply until every desktop is consumed and the only way you can survive is to spread to another OEM. There is another organism on this planet that follows the same pattern. Do you know what it is? A virus. Windows is a disease, a cancer of this planet.
You're a plague and AVG is the cure.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Why do people always decide to grin and bare it on Slashdot? I mean, couldn't they at least include a NSFW tag?
It's just not Kosher, sometimes.
>> Standing on head makes smile of frown, but rest of face also upside down.
AVG failed to detect dozens of viruses and malware on my sister's computer that Avast cleared out. Avast isn't perfect, but they're both free, and it's my experience that Avast is more reliable than AVG. As always, YMMV.
No, Avast ye scurvy viruses, dammit! Not everything that looks vaguely latin should be pluralized with an i, and most certainly nothing should be pluralized by changing the word-final "us" to "ii"! You're just a dumbass trying to look educated, and failing miserably. http://dictionary.reference.com/browse/virus
It deletes a single file that can be recovered painlessly. On the other hand Norton will install itself where it spawns god knows what else into the system. And the worst part is that even after you kill the damn program there is still shit left over controlling your system. Heck, they even make a special program just designed to uninstall it.
I run AVG in wine. how else can i tell if i'm getting the viruses!
This is a joke. I am joking. Joke joke joke.
OK, fine, most people won't have CMDOW.EXE on their system legitmately (ie they didn't put it there themselves) and so if they do have that file, something nefarious has happened at some stage. But for all devs that do use this file (and others like it), AVG is not a friend, not even in the slightest.
So, that leaves the non-devs, and there's enough of them around to build a business model based upon offering the program for free in order to get some paying customers. So, Sometimes, if building a PC for a complete noob and i wasn't going to have to maintain it afterwards, i would ignore my hatred of AVG and just install the latest free ed so at least the user would have a relatively trouble-free anti-virus solution.
Now, AVG has no doubt ruined many a noobs week because their computer doesn't work and they have no idea how to fix it. Great one AVG!
I now have a delete-on-sight-with-a-scorched-earth-attitude policy with regard to AVG (was previously only an ignore-at-all-costs-except-when-really-lazy policy). Can all members of the technical elite follow suit? Thanks.
Over the last few years I have installed AVG Free on hundreds of my customers computers. On the whole it has been a good stable program. While I havent seen this current problem yet, this would be the third time this year that I know of where AVG have stuffed up and caused major problems. The last one was where they disabled Zonealarm and customers lost their connection to the Internet. For your average home user, it is beyond them to know why something goes wrong, it just does. AVG on the other hand seem to be slipping in the way they approach the care they should be taking when releasing updates. Be interesting to know if something has changed this year in their process of developing and releasing updates?
Interestingly, as a non-paying customer, I was affected by this bug. I now have three programs that I will not be able to uninstall. AVG detected their uninstaller file as a virus and deleted them.
How many times will Grisoft pull this crap? First flooding teh intertubes now deleting my l33t filez.
Some time ago I was recommending this and installing this program on all computers. Now, I'm just waiting for Comodo to get their act together and release an AV product I can trust.
I administer a network of a about 200 windows systems, and we use almost exclusively AVG Free. Oy vey, am I gonna have a long day on Wednesday, maybe I should just unplug the phone now.
i thought the AVG free license was for personal non-commercial use.
That should be Pirii, not Pirates.
:blink: Why is your anti-virus deleting files instead of quarantining them!?
No, it's Pirates, dammit! Now I'm going to lecture you about the proper pluralization of latin sounding words because I think you're a dumbass trying to look educated, there is no way you would make a common mistake for comedic value. http://dictionary.reference.com/browse/humor
http://www.mhall119.com
Norton has no relevance to this story. The discussion is not about Norton. Norton sucking does not make AVG suck less.
Painlessly? It requires using Windows Recovery Console which necessitates having boot media available. My desktop can't boot off normal XP installation media due to a lack of AHCI drivers so I had to slipstream my own - I haven't figured out how to make a slipstream disk that still allows Recovery Console. My flatmates laptop doesn't have an optical drive and requires netbooting, which in turn requires a Windows Server nearby. If it causes someone like me problems, you can guarantee it will cause many non-technical users a great deal of grief.
Well, better than my slip up. I was working at an office with a secretary. She was showing me around the place, where the machines were etc. We had finished and needed to get back to her station to fix her system. Guess what I said without even thinking?
"Well I guess we should go now and take a look at your box." She laughed pretty hard.
I couldn't believe that I said that.
I'm not anti-social, I'm anti-idiot.
No, Avast ye scurvy viruses, dammit!
There's no such thing as "viruses", just there's no "mouses". "Virus" is the plural for "virua".
Other commonly confused words include "bus", the plural of "bue", "adress" for "adreso" (tricky one!). Not many people know or use those words correct hence the mess we're in.
But some words are catching up faster than others, such as the popular "yes", which is the plural of "yea".
It's always good to have a second opinion - see e.g.portable clamwin
Andy
Comment removed based on user account deletion