AVG slaps Trojan label on core Windows file

Some users of AVG were left with unusable Windows systems after the popular AVG security scanner software slapped a Trojan warning on a core Windows component. AVG tagged user32.dll as a banking Trojan following a signature update issued on Sunday, advising users to delete the "harmful file". Users following this advice would …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Linux

    Engage warp-factor "Smug"

    Icon says it all.

  2. Colin Millar
    Unhappy

    Has AVG lost its way?

    Ever since 8.0 I must say I am less than impressed with AVG

    It kept breaking sp3 updates because it is impossible to turn it off - I had to uninstall the programme to get the update to run properly.

  3. Ken Hagan Gold badge
    Boffin

    Top tip for AV vendors...

    If the file you've just fingered has a valid digital signature from Microsoft then the odds are heavily against it being a virus and the consequences of deleting it are almost certainly very bad PR.

  4. Luke
    Coat

    Wham bars used to be way bigger too

    False positives are going to happen once in a while. The main problem with AVG is that it used to be much better, it is getting too fat. The same happened with Ad-aware, the same is true for iTunes. AVG doesn't even update properly any more.

    Come on guys, you are supposed to make these things better not worse! It is software, not sweet manufacture. I want sleeker, faster, better software - I want my Wham bars back to the giant, fat pink, sugary goodness they were when I was 8.

  5. Anonymous Coward
    Anonymous Coward

    Abandon!

    Since the bloated 8.0 "upgrade" I have abandoned AVG as a waste of resources and time. Avast now runs on my computers (apart from the Linux ones, of course).

  6. Frank Kerrigan
    Thumb Down

    Recover your system??

    You can only recover your system if you have access to a working system in the first place; most folk will think it was their system and a virus rather than the AVG-Virus already installed.

  7. Kerberos
    Paris Hilton

    Avast

    I switched to Avast years ago, mainly for the reason that the system tray icon was prettier. Glad I did in retrospect.

  8. Anonymous Coward
    Anonymous Coward

    @smug coward

    Remember Pingu that this time it was AVG's fault not Microsoft's fault.

  9. Graham Jordan

    nod32

    Thinks my Samsung i8510 (purchased on the recommendation of this ol site) is a virus. Stick it in and it complains autorun.inf is a potential threat.

    Nice. Shame that, too, as Nod32 is the best hassle-free antivirus I've ever used.

  10. Justabloke
    Thumb Down

    re Has AVG lost its way?

    yes... :-(

    my full fat version stopped working in an automatic way.. no updates, no scans no nothing... it all worked manually but not automatically. My support request remains unanswered some 6 weeks down the line... I decided to uninstall and reinstall the application... copied my licence key using their "Copy licence Key" utility only to find that when I tried to use said key the utility hadn't copied it all (it missed the last few characters) and so I was unable to reinstall the app because it wouldn't accept my key was valid.... ho ho ho.... they managed to respond to that support request in under a week so that's an improvement....

  11. Sureo
    Stop

    big problem

    I had to ditch McAfee after it falsely flagged an application I needed as a trojan. It would move the file into quarantine and, although you could get it out, it would immediately put it back! McAfee did not respond to my requests for help although I tried several times. Now I use Avira; it also flags the file as a trojan, but gives me the option to ignore.

    http://www.virustotal.com/analisis/dd70e9dc78d0b1b1eeb45d25e09989b1

  12. Anonymous Coward
    Anonymous Coward

    Windows

    Funny, but I thought the entire Windows WAS a trojan?

    Oh silly me, that's just my misunderstanding.

  13. This post has been deleted by its author

  14. Steve Evans

    Hmmm...

    Given my personal experiences of ZoneAlarm, I don't think that label was entirely incorrect.

    @Colin Millar - You can turn it off, it's just not quite so easy to do as 7.5 (which for me means that less numpties will accidentally turn it off!).

    Open AVG user interface

    Double click (or right click, Open) resident shield

    Tick box down the bottom of the panel "Resident shield active"

  15. Dave Bell

    I get nervous

    It's also hard to stop AVG from automatically deleting files, and it claimed to find a Trojan in Open Office.

  16. Wade Burchette
    Joke

    Time to move on

    Well, with all these false positives, I'd better move on. Maybe I'll choose Norton ... oh wait, it sucks. Maybe I'll choose McAfee ... oh wait, it has stricter hardware requirements than Vista with all of its bloatware. Maybe I'll choose Trend Micro ... oh wait, it sucks now too. I know, I'll bypass the need for virus protection and go to a Mac ... oh wait, I don't have that holier-than-thou requirement. So I choose Linux ... oh wait, I like playing games on my computer.

    I guess I'll choose the last competent antivirus program left. I'll choose NOD32.

  17. Peter H. Coffin
    Linux

    After mere minutes of consideration...

    I can't quite bring myself to the point of actual disagreement with either of these "false positives". A Windows machine in a "fail to boot" mode is probably safer for all concerned. Unquestioningly trusting the advice of anti-virus software is about a half-step away from trusting pop-up adverts for anti-virus software, and that seldom leads anywhere good.

  18. Tony Hoyle
    Unhappy

    AVG have issues

    We've been trying to get them to remove a false positive with our software for months. They acknowledged it's a false positive then did.. precisely nothing.

    Their engine seems to just pick random executable files and decide they're infected.. presumably to boost their claim to 'fix 5 quadrillion viruses' or something.

    AVG around version 6 used to be the best out there.. the latest ones I wouldn't recommend.

  19. Daniel Voyce
    Gates Halo

    AVG?

    Just change to Avast and be done with it!

  20. Anonymous Coward
    Thumb Down

    this shouldn't be possible

    And only happens because windows fails to keep other programs from even being able to load anything into the windows subfolder(s) or onto parts of the harddrive where they shouldn't be in the first place.

  21. Matt Bryant Silver badge
    Paris Hilton

    Not seen here.

    All my home XP systems that run AVG are up to date and haven't shown the issue. Friends I know that use AVG also are telling me they have not seen the issue. Either it was fixed very quickly or was limited to a certain download server.

    Paris because.... well, just about any excuse, really! :)

  22. Alex Wright
    Linux

    Some might argue...

    that windows is a virus, so this would be correct behavior...

  23. Anonymous Coward
    Stop

    Typical

    Why is it that companies like AVG start off really well, producing quality stuff then suddenly they seem to forget the core functionality of the software and concentrate on needless, worthless PITA bells and whistles (LinkScanner anyone?)

    FFS sake get back to core, it really is what you do best.

    By the way, who is paying for the support to get the numerous disabled PCs fixed? I suspect there'll be some sort of Class Action thingy being banded about sometime soon.

    So AVG, get back to and concentrate on core and avoid this shit. If anyone of your fancy boys in Management or Marketing says otherwise, fire them to fuck, they are troublemakers and/or in cohorts with the Lawyers and are NOT to be trusted.

    You know I am right

  24. Dan Silver badge
    Pirate

    AVG is sinking, arrr

    Abandon ship, switch to Avast!, me 'arties.

  25. Soruk
    Paris Hilton

    Their support is also broken.

    On the FAQ 1574 page, it gives the link to FAQ 1575 for those who don't have a WinXP installation CD (like all of us with preloaded machines and have "recovery discs" which reimage factory settings).

    Their advice on FAQ 1575?

    The requested FAQ cannot be found. Please use the search or browser function in the FAQ section.

    Paris, because her links aren't that broken.

  26. Webster Phreaky
    Dead Vulture

    Less Heavy Beer Drinking .. More Paying Attention!

    Perhaps the AVG guys are spending too much time with their heads in the dark beer still, instead of in their code. I am getting pretty fed up with the numerous blunders AVG has made over the last year and a half! They increasingly have a decreased level of credibility in the AV program world .... to the point where Norton is looking pretty good again!

  27. Darren B

    I have always found

    that online forums/updates are especially useful when your PC is in a continuous reboot cycle, or even fails to boot completely.

  28. Steve
    Unhappy

    Dear AVG

    Your antivirus software used to be the Dog's Bollocks. Unbloated, free, efficient and well-thought of by most.

    Then, with version 8, you decided to 'encourage' people to upgrade from the free product by persistently nagging them and making it nigh on impossible to update. Now you are bollocks. A fall from grace to rival Tony Blair.

    I have Nod32 now, and peace of mind for the first time since I uninstalled AVG7.5. Nice knowing you.

    "If it ain't broke, it probably doesn't have enough features yet"

  29. Erik Aamot

    I still prefer it

    I've used AVG free for quite a few years, and its online and email protection is excellent in recent years

    There's no *protective* suite I'd recommend, and I went to AVG because Norton AV standalone nearly 7 years ago had horrible support, regular false positives, broken updates or virus breaking Norton itself

    however .. how hard is it to include in an AV signature, and its client side programming, critical system file names or attributes ( like directory path or file attributes ) that trip a warning ?

    .. or allow a Windows warning that you are about to delete / modify / move a critical system file ?

    I can understand a false positive on Zone Alarm .. I haven't heard of an AV program without similar false positives, but not testing a signature by running several machines with the most popular software installed by updating them through normal online update and running a scan is a FAIL in the QA process

    that being said, AVG still good for me, but I'm a *careful* user and enough of a geek to read the file path and know when a file name could be a system file, and investigate before deleting ..

    and really, it's the same people that take little caution or are computer ignorant that get caught by trojan pop-ups saying: 'critical system files infected .. click here to fix'

    basically, until Windows users get educated about Windows and Windows apps, there will always be a problem, it can't be made *secure* in the sense that it can be made idiot proof

  30. Anonymous Coward
    Thumb Up

    Just a remark about nod32

    I tried it some years ago when I gave up on norton and mcafee as being shite. Nod32 ran beautifully and when my demo time was up and I uninstalled it; I wrote to their support folks figuring I would never hear back from them. Imagine my surprise when I got a great response from them the next day...understandable and plain English. delightfully good!

  31. Lloyd Borrett

    Not a problem for English language users

    English language users of Windows XP SP2 are unaffected by the recent reported problems related to the most recent update to commercial and free versions of AVG 7.5 and AVG 8.0. The problem only affects users of the Dutch, French, Italian, Portuguese, and Spanish language versions of Windows XP SP2.

    Full details about the problem and what AVG is doing about it are available at http://www.avg.com.au/index.cfm?section=news&feature=115

    Best Regards, Lloyd Borrett

    Marketing Manager, AVG (AU/NZ)

    Australian & New Zealand distributors of AVG Anti-Virus & Internet Security Products.

    www.avg.com.au

  32. Neil

    Makes me glad

    That my AVG's auto-update feature has been broken for weeks...

  33. Joakim Gabrielsen
    Stop

    AVG 8.0

    8.0 fatter, slower and less user friendly than 7.5. And it has a nasty habit of interfering with applications using MS SQL Server. I had to remove AVG from my office workstation when that happened. Now I've purchased Avast! which has no fancy extras, it just sits there in the tray, doing its job requiring very little resources. It has what I need, nothing more, nothing less.

  34. Anonymous Coward
    Joke

    @smug coward, Alex Wright, Peter H Coffin

    I'm looking forward to a series of "I'm a Linux user" adverts along the lines of the recent "I'm a PC, and this is my _unusual_ office" Microsoft campaign - although it would probably reinforce the stereotype that your messages seem to suggest.

  35. regadpellagru
    Pirate

    F***ing AVG

    Even if I thank El Reg for the information, I'm extremely annoyed to read this

    2 days ago, I've been called by my neighbor with exactly the same symptom (boot loop). Since he's blind, lives alone, and relies on a vocal SW which only speaks French, and he doesn't understand English (the only language for AVG free ed.), he could never tell me what happened, only that AVG "said something", he pressed "something" and next reboot was a loop.

    End of the day, at the date of this news publication, I had reinstalled the OS, and finally lost my whole day on this, to recover the situation.

    The only good thing is he now has avast, which even speaks French when detecting something suspect. Like approx everyone here, I've grown already tired of AVG's inability (V8) to update patterns and ditched it. I'm gonna send a mail to all people I know to ditch this cursed piece of malware.

  36. Daniel B.

    @Time to move on

    Panda Antivirus? One of my former jobs had the corporate version installed, and the only PCs that got infected since then were the ones that weren't running the thing.

    Me? I'm stuck with ZoneAlarm, which also gave me a false positive some months ago, eating away my Yahoo! Messenger. Bleh.

  37. Jacob Reid
    Paris Hilton

    Again?

    NOD32 FTW.

    AVG is a case of you get what you pay for - nothing (unless you pay for it, then you are an idiot)

  38. Jacob Reid
    Stop

    @Daniel

    Isn't Yahoo spyware?

    I call that security software doing its job.

  39. Anonymous Coward
    Thumb Up

    AVG still one of the best!

    As you mentioned, most if not all other anti-virus scanners have had problems with false-positives. One I had bitter experience with identified a good deal of MS Office as virus-laden (this is of course a value judgement :-)

    Having said that, AVG has a very very small footprint and performance overhead on the system compared to others.

    What's a non-booting machine between friends anyway?

    I have no connection with Grisoft other than being a very, very satisfied user.
