informa
/
Risk
News

Antivirus Vendor's Snafu Breaks Users' PCs

AVG customers that unknowingly deleted the user32.dll file ended up with a PC that either wouldn't reboot or would go into an endless reboot cycle.
AVG released an update of its popular anti-virus software over the weekend that misidentified a critical Windows file as a Trojan. That led to damaged systems after the program deleted a critical systems file.

The problem started on Sunday when the company released the signature that misidentified the user32.dll file, prompting the anti-virus software to ask users whether to delete the file. Those who chose to remove it ended up with a PC that either wouldn't reboot or would go into an endless reboot cycle, according to people on AVG's support forum. The problem appeared to only affect PCs running Windows XP.

AVG, which is best known for the free version of its anti-virus software, acknowledged the problem and quickly sent a fix of its virus signatures. The company also posted ways to fix the problem for those people unlucky enough to have deleted the file. One of the solutions was to download a utility created by the vendor, burn it to a CD and then use the disc to boot the damaged PC.

The incident was not the first time AVG, based in the Czech Republic, had released virus signatures with a false positive. The company's software less than a month ago misidentified CheckPoint's Zone Alarm as a Trojan, according to the U.K. tech site The Register.

Last December, the company filed subpoenas against Google, Microsoft, Yahoo, and domain registrar GoDaddy, seeking the identities of search advertisers responsible for fraudulently promoting counterfeit AVG anti-virus products through sponsored text ads. The company also sought domain registration information associated with the advertisers in order to identify those behind the sites selling the software.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5