Feeds

back to article AVG slaps Trojan label on core Windows file

Some users of AVG were left with unusable Windows systems after the popular AVG security scanner software slapped a Trojan warning on a core Windows component. AVG tagged user32.dll as a banking Trojan following a signature update issued on Sunday, advising users to delete the "harmful file". Users following this advice would be …

COMMENTS

This topic is closed for new posts.
Linux

Engage warp-factor "Smug"

Icon says it all.

0
0
Bronze badge
Unhappy

Has AVG lost its way?

Ever since 8.0 I must say I am less than impressed with AVG

It kept breaking sp3 updates because it is impossible to turn it off - I had to uninstall the programme to get the update to run properly.

0
0
Gold badge
Boffin

Top tip for AV vendors...

If the file you've just fingered has a valid digital signature from Microsoft then the odds are heavily against it being a virus and the consequences of deleting it are almost certainly very bad PR.

0
0
Coat

Wham bars used to be way bigger too

False positives are going to happen once in a while. The main problem with AVG is that it used to be much better, it is getting too fat. The same happened with Ad-aware, the same is true for iTunes. AVG doesn't even update properly any more.

Come on guys, you are supposed to make these things better not worse! It is software, not sweet manufacture. I want sleeker, faster, better software - I want my Wham bars back the the giant, fat pink, sugary goodness they were when I was 8.

0
0
Anonymous Coward

Abandon!

Since the bloated 8.0 "upgrade" I have abandoned AVG as a waste of resources and time. Avast now runs on my computers (apart from the Linux ones, of course).

0
0
Thumb Down

Recover your system??

You can only recover your system if you have access to a working system in the first place most folk will think it was their system and a virus rather than the AVG-Virus already installed.

0
0
Paris Hilton

Avast

I switched to Avast years ago, mainly for the reason that the system tray icon was prettier. Glad I did in retrospect.

0
0
Anonymous Coward

@smug coward

Remember Pingu that this time it was AVGs fault not Microsoft's fault.

0
0

nod32

Thinks my Samsung i8510 (purchased on the recomendation of this ol site) is a virus. Stick it in and it complains autorun.inf is a potential threat.

Nice. Shame that to as Nod32 is the best hassle free antivirus I've ever used.

0
0
Thumb Down

re Has AVG lost its way?

yes... :-(

my full fat version stopped working in an automatic way.. no updates, no scans no nothing... it all worked manually but not automatically. My support request remains unanswered some 6 weeks down the line... I decided to uninstall and reinstall the application... copied my licence key using their "Copy licence Key" utility only to find that when I tried to use said key the utility hadn't copied it all (it missed the last few characters) and so I was unable to reinstall the app because it wouldn't accept my key was valid.... ho ho ho.... they managed to respond to that support request in under a week so thats an improvement....

0
0
Stop

big problem

I had to ditch McAfee after it falsely flagged an application I needed as a trojan. It would move the file into quarantine and, although you could get it out, it would immediately put it back! McAfee did not respond to my requests for help although I tried several times. Now I use Avira; it also flags the file as a trojan, but gives me the option to ignore.

http://www.virustotal.com/analisis/dd70e9dc78d0b1b1eeb45d25e09989b1

0
0
Anonymous Coward

Windows

Funny, but I thought the entire Windows WAS a trojan?

Oh silly me, that's just my misunderstanding.

0
0

This post has been deleted by its author

Silver badge

Hmmm...

Given my personal experiences of ZoneAlarm, I don't think that label was entirely incorrect.

@Colin Millar - You can turn it off, it's just not quite so easy to do as 7.5 (which for me means that less numpties will accidentally turn it off!).

Open AVG user interface

Double click (or right click, Open) resident shield

Tick box down the bottom of the panel "Resident shield active"

0
0
Bronze badge

I get nervous

It's also hard to stop AVG from automatically deleteing files, and it claimed to find a Trojan in Open Office.

0
0
Joke

Time to move on

Well, with all these false positives, I'd better move on. Maybe I'll choose Norton ... oh wait, it sucks. Maybe I'll choose McAfee ... oh wait, it has stricter hardware requirements than Vista with all of its bloatware. Maybe I'll choose Trend Micro ... oh wait, it sucks now too. I know, I'll bypass the need for virus protection and go to a Mac ... oh wait, I don't have that holier-than-thou requirement. So I choose Linux ... oh wait, I like playing games on my computer.

I guess I'll choose the last competent antivirus program left. I'll choose NOD32.

0
0
Linux

After mere minutes of consideration...

I can't quite bring myself to the point of actual disagreement with either of these "false positives". A Windows machine in a "fail to boot" mode is probably safer for all concerned. Unquestioningly trusting the advice of anti-virus software is about a half-step away from trusting pop-up adverts for anti-virus software, and that seldom leads anywhere good.

0
0
Unhappy

AVG have issues

We've been trying to get them to remove a false positive with our software for months. The acknowledged it's a false positive then did.. precisely nothing.

Their engine seems to just pick random executable files and decide they're infected.. presumably to boost their claim to 'fix 5 quadrillion viruses' or something.

AVG around version 6 used to be the best out there.. the latest ones I wouldn't recommend.

0
0
Gates Halo

AVG?

Just change to Avast and be done with it!

0
0
Thumb Down

this shouldn't be possible

And only happens because windows fails to keep other programs from even being able to load anything into the windows subfolder(s) or onto parts of the harddrive where they shouldn't be in the first place.

0
0
Silver badge
Paris Hilton

Not seen here.

All my home XP systems that run AVG are up to date and haven't shown the issue. Friends I know that use AVG also are telling me they have not seen the issue. Either it was fixed very quickly or was limited to a certain download server.

Paris because.... well, just about any excuse, really! :)

0
1
Linux

Some might argue...

that windows is a virus, so this would be correct behavior...

0
0
Stop

Typical

Why is is that companies like AVG start off really well, producing quality stuiff then suddenly they seem to forget the core functionality of the software and concentrate on needless, worthless PITA bells and whistles (LinkScanner anyone?)

FFS sake get back to core, it really is what you do best.

By the way, who is paying for the support to get the numerous disabled PCs fixed? I suspect there'll be some sort of Class Action thingy being banded about sometime soon.

So AVG, get back to and concentrate on core and avoid this shit. If anyone of your fancy boys in Management or Marketing says otherwise, fire them to fuck, they are troublemakers and/or in cohorts with the Lawyers and are NOT to be trusted.

You know I am right

0
0
Dan
Silver badge
Pirate

AVG is sinking, arrr

Abandon ship, switch to Avast!, me 'arties.

0
0
Paris Hilton

Their support is also broken.

On the FAQ 1574 page, it gives the link to FAQ 1575 for those who don't have a WinXP installation CD (like all of use with preloaded machines and have "recovery discs" which reimage factory settings).

Their advice on FAQ 1575?

The requested FAQ cannot be found. Please use the search or browser function in the FAQ section.

Paris, because her links aren't that broken.

0
0
Dead Vulture

Less Heavy Beer Drinking .. More Paying Attention!

Perhaps the AVG guys are spending too much time with their heads in the dark beer still, instead of in their code. I am getting pretty fed up with the numerous blunders AVG has made over the last year and a half! They increasingly have a decreased level of credibility in the AV program world .... to the point where Norton is looking pretty good again!

0
0

I have always found

that online forums/updates are especially useful when your PC is in a continuous reboot cycle, or even fails to boot completely.

0
0
Unhappy

Dear AVG

Your antivirus software used to be the Dog's Bollocks. Unbloated, free, efficient and well-thought of by most.

Then, with version 8, you decided to 'encourage' people to upgrade from the free product by persistently nagging them and making it nigh on impossible to update. Now you are bollocks. A fall from grace to rival Tony Blair.

I have Nod32 now, and peace of mind for the first time since I uninstalled AVG7.5. Nice knowing you.

"If it ain't broke, it probably doesn't have enough features yet"

0
0

I still prefer it

I've used AVG free for quite a few years, and it's online and email protection is excellent in recent years

There's no *protective* suite I'd recommend, and I went to AVG because Norton AV standalone nearly 7 years ago had horrible support, regular false positives, broken updates or virus breaking Norton itself

however .. how hard is it to include in a AV signature, and it's client side programming, critial system file names or attributes ( like directory path or file attributes ) that trip a warning ?

.. or allow a Windows warning that you are about to delete / modify / move a critical system file ?

I can understand a false positive on Zone Alarm .. I haven't heard of an AV program without similar false positives, but not testing a signature by running several machines with the most popular software installed by updating them through normal online update and running a scan is a FAIL in the QA process

that being said, AVG still good for me, but I'm a *careful* user and enough of a geek to read the file path and know when a file name could be a system file, and investigate before deleting ..

and really, it's the same people that take little caution or are computer ignorant that get caught by trojan pop-ups saying: 'critical system files infected .. click here to fix'

basicly, until Windows users get educated about Windows and Windows apps, there will always be a problem, it can't be made *secure* in the sence that it can be made idiot proof

0
0
Thumb Up

Just a remark about nod32

I tried it some years ago when i gave up on norton and mcafee as being shite. Nod32 ran beautifully and when my demo time was up and i unintalled it; i wrote to their support folks figuring i would never hear back from them. Imagine my surprise when i got a great response from them the next day...understandable and plain english. delightfully good!

0
0

Not a problem for English language users

English language users of Windows XP SP2 are unaffected by the recent reported problems related to the most recent update to commercial and free versions of AVG 7.5 and AVG 8.0. The problem only affects users of the Dutch, French, Italian, Portuguese, and Spanish language versions of Windows XP SP2.

Full details about the problem and what AVG is doing about it are available at http://www.avg.com.au/index.cfm?section=news&feature=115

Best Regards, Lloyd Borrett

Marketing Manager, AVG (AU/NZ)

Australian & New Zealand distributors of AVG Anti-Virus & Internet Security Products.

www.avg.com.au

0
0

Makes me glad

That my AVG's auto-update feature has been broken for weeks...

0
0
Stop

AVG 8.0

8.0 fatter, slower and less user friendly than 7.5. And it has a nasty habit of interfering with applications using MS SQL Server. I had too remove AVG from my office workstation when that happened. Now I've purchased Avast! which has no fancy extras, it just sits there in the tray, doing its job requiring very little resources. It has what I need, nothing more, nothing less.

0
0
Joke

@smug coward, Alex Wright, Peter H Coffin

I looking forward to a series of "I'm a Linux user" adverts along the lines of the recent "I'm a PC, and this is my _unusual_ office" Microsoft campaign - although it would probably reinforce the stereotype that your messages seem to suggest.

0
0
Pirate

F***ing AVG

Even if I thank El Reg for the information, I'm extremely ennoyed to read this

2 days ago, I've been called by my neighbor with exatcly the same symptom (boot loop). Since he's blind, lives alone, and relies on a vocal SW which only speaks french, and he doesn't understand english (the only language for AVG free ed.), he could never tell me what happened, only that AVG "said something", he pressed "something" and next reboot was a loop.

End of the day, at the date of this news publication, I had reinstalled the OS, and finally lost my whole day on this, to recover the situation.

The only good thing is he now has avast, which even speaks french when detecting something suspect. Like approx everyone here, I've grown already tired of AVG's inability (V8) to update patterns and ditched it. I'm gonna send a mail to all people I know to ditch this cursed piece of malware.

0
0
Silver badge

@Time to move on

Panda Antivirus? One of my former jobs had the corporate version installed, and the only PCs that got infected since then were the ones that weren't running the thing.

Me? I'm stuck with ZoneAlarm, which also gave me a false positive some months ago, eating away my Yahoo! Messenger. Bleh.

0
0
Paris Hilton

Again?

NOD32 FTW.

AVG is a case of you get what you pay for - nothing (unless you pay for it, then you are an idiot)

0
0
Stop

@Daniel

Isn't Yahoo spyware?

I call that security software doing its job.

0
0
Thumb Up

AVG still one of the best!

As you mentioned, most if not all other anti-virus scanners have had problems with false-positives. One I had bitter experience with identified a good deal of MS Office as virus-laden (this is of course a value judgement :-)

Having said that, AVG has a very very small footprint and performance overhead on the system compared to others.

What's a non-booting machine between friends anyway?

I have no connection with Grisoft other than being a very, very satisfied user.

0
0
This topic is closed for new posts.