In association with heise online

12 November 2008, 09:16

AVG gives false alarm for Windows system library

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

AVG Anti-Virus 8.0 incorrectly identifies the Windows system library user32.dll as a Trojan and recommends that it be deleted. Anyone who follows that suggestion will find Windows will no longer start up. This is particularly serious because the free version of AVG antivirus is very widely used.

AVG displays an error message claiming that the system file contains a threat, either "PSW.Banker4.APSA" or "Generic9TBN". AVG has now confirmed that this is an error and it has eliminated the problem with a signature update, but users who had already deleted the file as the program suggested must replace it before the system is shut down, or it will fail to boot. If they have a Windows installation CD, they can do so using the Repair function or the recovery console, as described by Microsoft (see the section "Method 1: Use Recovery Console to restore the User32.dll file"). If no Windows CD is available but the user has another working computer, AVG provides a third option, a "fix-it tool" that can be booted from a CD or USB stick.

This problem adds weight to critics who say that false alarms by antivirus programs have become a real nuisance. Why they occur in such large numbers with this particulareuser32.dll Windows system library is a puzzle though. Just last week, the Kaspersky and G Data antivirus programs erroneously detected a virus in certain versions and, in January, the G Data and Avast watchdogs also decided user32.dll contained malware. It would be reasonable to expect the producers of AV software at least to actually test their signatures against the main system files before publishing them, or to protect them against such embarrassing breakdowns with appropriate "whitelist" entries.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-738085
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit