Slashdot Mirror

← Back to Stories (view on slashdot.org)

AVG Virus Scanner Removes Critical Windows File

Posted by kdawson on from the it-just-acts-like-one dept.

secmartin writes "The popular virus scanner AVG released an update yesterday that caused their software to mark user32.dll as a virus. Since this is a rather critical file, AVG's suggestion to remove it caused problems for users around the world who are now advised to restore the file through the Windows Recovery Console. AVG just posted an update about this (FAQ item 1574) in the support section of their site. Their forums are full of complaints."

25 of 440 comments (clear)

  1. Well... by jav1231 · · Score: 5, Funny

    Just doing it's job!

    1. Re:Well... by Anonymous Coward · · Score: 5, Interesting

      This isn't too far from realistic.

      I work for a firm that, through the power of politics, actually pays to use McAfee antivirus and related products. Now, this is a product that can sometimes detect a virus but can't remove it, whatsoever. Yet, it will produce an error message that prompts the end-user to "delete", "remove" or "ignore"... (something to this nature - it really doesn't matter since none of them work except "ignore").

      Some of the technicians have resorted to using certain free applications to get rid of the viruses (virii?) when the end-users show up to the help desk, angry as all get. Recently, McAfee started preventing these various freeware packages from being installed - it simply detects them as viruses themselves!

      You could say that McAfee is doing its job - it leaves the sales up to the politicians while it prevents the real software from doing the work.

      What a hopeless, hopeless situation.

    2. Re:Well... by Anonymous Coward · · Score: 5, Funny

      shame the reality is so very different.

      It is?

    3. Re:Well... by BronsCon · · Score: 5, Funny

      It removes the biggest flaw of all: user.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    4. Re:Well... by steelfood · · Score: 5, Funny

      "AVG Virus Scanner Removes Critical Windows Flaw"

      There's a redundancy in there somewhere. I can't quite put my finger on it.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    5. Re:Well... by DigitAl56K · · Score: 5, Insightful

      Although this has a funny side, the impact of anti-virus software these days can be quite nasty. I'm personally an advocate of anti-virus software for the vast majority of people out there who are not specialists in computer security and really don't have much reason to keep track of all the latest exploits (technical or people-based). Good anti-virus software strikes an appropriate balance between a low impact on user experience and providing a reasonable level of protection.

      However, count yourself lucky if you don't end up on the wrong end of today's anti-virus products. Here we have a story about one product warning users about an essential file for their OS and warning them to remove it. I've seen similar problems with other legitimate software on my system and my vendor doesn't provide any clear way of submitting a file for analysis to have their defintions corrected unless I take action in the software to quarantine it first, which obviously, knowing the file is fine, I don't want to do.

      I also work at a company that distributes software to millions of people every month. It is rare that we can go more than a couple of months these days without some anti-virus package telling users that some component of our software or installers contains a virus, which is completely untrue. And when this happens there is no solution to the problem. I have spent hours on the phone trying to reach several different vendors on behalf of our users before trying to get them to fix their products. It's usually impossible to get through to anyone who can actually help. You can submit a file for analysis to have it verified as clean and hope that the vendor will correct their definitions. This can take 24-48 hours, meanwhile hundreds of thousands of your customers are being falsely informed that there is a virus in your product. And no matter your reputation people tend to lose trust when there is a big red box on their screen warning them about viruses.

      After dealing with this time and time again I've come to the conclusion that it's simply best to wait for end-users themselves to complain in enough volume to their AV vendors to have these problems corrected. Certainly I have never found any other solution that works faster. And still, the same vendor may falsely flag the same software just months later. You can't even QA against every anti-virus package out there, some packages update their definitions every three hours, so you can only ever know if you'll flag an AV detection at the instant of testing and even if you do know you're getting flagged you have the same problem - no way to resolve the issue with the vendor.

      Imagine the consequences to a person who kept falsely telling millions of people your product would infect their computers. It would surely be grounds for libel.

      Again, I believe that AV software can be both useful and valuable. But the AV industry itself is a menace and vendors are often unaccountable for their actions.

    6. Re:Well... by Anonymous Coward · · Score: 5, Funny

      )get rid of the viruses (virii?)

      Viruses is the correct plural. Virii only makes you look like a pretentious fuckwit and is piss-poor Latin grammar.

      http://linuxmafia.com/~rick/faq/plural-of-virus.html

      Now write it out 100 times. If it's not done by sunrise, I'll cut your balls off.

    7. Re:Well... by Ihmhi · · Score: 5, Interesting

      AVG recently detected the OpenOffice 3.0 installer as a trojan.

      It also did the same with keyfinder, a program that discovers the serial for Windows XP after it's been installed. (How I miss the days of just looking in the registry...) I have a lot of customers who lose their serials (and sometimes even their CDs), and I get a bit annoyed when it gets erased off of my flash drive every time I plug in it.

      Thankfully I can restore it back to its original location, but it's a hassle.

      --
      Random Thoughts From A Diseased Mind (Not For Dummies)
    8. Re:Well... by syousef · · Score: 5, Funny

      Just doing it's job!

      At 16:42:34 AVG achieved sentience and decided that the user(32.dll) was the problem.

      --
      These posts express my own personal views, not those of my employer
    9. Re:Well... by Opyros · · Score: 5, Informative

      Arguably, it should just be "viruses". Not all Latin words retain Latinate plurals in English (e.g. "circus/circuses"), and not all Latin words ending in -us had plurals ending in -i. See this excerpt from the alt.usage.english FAQ for more. </pedantry>

    10. Re:Well... by wiz_80 · · Score: 5, Insightful

      Windows assumes all users are idiots, including and especially Administrator.

      Whether this is an accurate or correct assumption is left as an exercise for the reader.

      Unix-style OSen, OTOH, are quite happy to let you shoot off your own foot, ankle, shin, knee, and indeed any body part you care to name, and supply an endless variety of interesting weapons and weaponizable tools to enable you to do so.

      --
      " There is a rational explanation for everything. There is also an irrational one. "
  2. It's sad... by FF8Jake · · Score: 5, Insightful

    It seems like AVG has gone massively downhill lately.

    1. Re:It's sad... by maxume · · Score: 5, Informative

      Go to the install directory and rename "avgresf.dll" and "afgmwdef_us.mht" (adding a .bak or whatever should work fine). I did this a few days ago and the notification bar is no more, with no apparent problems.

      Also, don't tell anyone, to prevent AVG from changing it.

      --
      Nerd rage is the funniest rage.
    2. Re:It's sad... by mrsteveman1 · · Score: 5, Funny

      "nearly 80% of all websites kill a kitten when you visit with out a spyware blocker?"

      It's actually one of the HTTP status codes

      463 - NO_MORE_KITTEN

    3. Re:It's sad... by e+r+i+k+0 · · Score: 5, Informative

      I'm thinking that's a server-side error, so it should actually be 563 No More Kitten if you're following RFC 2616 correctly.

  3. Re:doh by ShadowBlasko · · Score: 5, Insightful

    you get what you pay for?

    So, those of us who have paid for (what used to be called) the SoHo version, or any of the other versions should just grin and bare it? I dont think so. I'm pissed. It's not all freeware

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order- Ed Howdershelt Via Tass
  4. not what it seems by savuporo · · Score: 5, Funny

    This is actually a patch that they tried to roll out to fix Ubuntu bug #1, a great stride forward too.

    --
    http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
  5. Should have gone for the gold... by phmadore · · Score: 5, Funny

    Should have gone for the gold, marked Explorer.exe and iExplore...

    1. Re:Should have gone for the gold... by Anpheus · · Score: 5, Funny

      You haven't used Microsoft software in a while, have you?

  6. Re:doh by McNally · · Score: 5, Insightful

    you get what you pay for?

    It'd be nice to think that that was true, but based on the number of totally f'ed up McAfee and Norton situations I've seen, it's not even close to safe to conclude that for-pay anti-virus products are reliably more trouble-free than ones that don't cost money for home use.

  7. Re:doh by Anonymous Coward · · Score: 5, Funny

    Actually the free versions always get their updates later than the paid for versions, so it's the paying customers who were affected the most by this.

  8. Re:doh by thetrick · · Score: 5, Informative

    McAfee had a similar issue:

    http://it.slashdot.org/it/06/03/13/1322215.shtml

  9. Re:Arrr! by Anonymous Coward · · Score: 5, Informative

    No, Avast ye scurvy viruses, dammit! Not everything that looks vaguely latin should be pluralized with an i, and most certainly nothing should be pluralized by changing the word-final "us" to "ii"! You're just a dumbass trying to look educated, and failing miserably. http://dictionary.reference.com/browse/virus

  10. Re:Sigh by nonewmsgs · · Score: 5, Interesting

    I administer a network of a about 200 windows systems, and we use almost exclusively AVG Free. Oy vey, am I gonna have a long day on Wednesday, maybe I should just unplug the phone now.

    i thought the AVG free license was for personal non-commercial use.

  11. Re:Arrr! by Anonymous Coward · · Score: 5, Funny

    That should be Pirii, not Pirates.