Grisoft AVG Antivirus 7.5 on Windows XP False Positive that HURTS



This looks like a REALLY bad false positive. It appears that AVG 7.5 for a short period of time detected user32.dll as a trojan horse. (trojan horse psw banker4). It looks as though update to the virus database VDB 270.9.0/1778 fixes the problem.

Unfortunately if you have been bitten by this, you’ll need to boot into a Rescue or Repair Console and do the following (from the Link above)…

Fix

When AVG have performed the same action on your PC, cleaning/removing user32.dll, reboot your PC with the Windows XP CD, hit in the upcoming menu the “R” on your keyboard, hit “1″, hit “enter”, answer password question with “enter” on your keyboard, after that you get the command prompt c:\windows>
Type behind that prompt copy c:\windows\$NTuninstallKB925902$\user32.dll c:\windows\system32 and hit “enter” on your keyboard.

According to this story it affects both AVG 7.5 and 8…. there are several “you get what you pay for” kind of comments over there, but there are a lot of people that pay for AVG – it’s not JUST a free scanner. For that matter I seem to recall Symantec flagging a system file as a virus not too many years ago. That’s part of the problem with antivirus – it works at a system level, many of the recent releases not only do on-access scanning (scan something when you try to load or run it) but they also do the forced daily search of EVERYTHING… which does increase the odds that a false positive will bite you.

   Send article as PDF   

Similar Posts