AVG False-Positive Sends XP Systems in Endless Reboot

The antimalware product wrongly labels a critical Windows DLL as malware

By Razvan BUDEANU | Published on 12th November 2008, 00:40 EET | 501 reads | Readers' opinions: 0

One of the updates issued this evening by Czech antivirus manufacturer AVG has spread havoc among Windows XP users. The signature update for the antivirus product wrongfully identified a critical system file in the Windows XP operating system as Trojan horse.

Upon „disnfection”, AVG users noticed that their systems were stuck in an endless reboot loop. Those less fortunate would only find out that their computer would not boot at all. According to AVG, only users running Dutch, French, Italian, Portuguese, and Spanish versions of the operating systems were exposed.


An emergency update has been already issued to customers, for both free and commercial licenses.

However, users whose computers have been brutally disinfected could do nothing but restore from backup or (if no backup was available) to reinstall from scratch. "AVG is actively working to remedy the problem some users are experiencing related to the most recent update to commercial and free versions of AVG 7.5 and AVG 8.0 in some languages,” claimed a company spokesperson.


„A number of users who installed the update mistakenly received a warning that the Windows system file user32.dll product version 5.1.2600.3099 was infected with a Trojan virus and were prompted to delete a file essential to the operation of Windows XP," said the representative for AVG.


Update: later this evening, the Czech antimalware company posted a step-by-step disaster recovery how-to as well as a customized tool for the affected users. This is not the only security incident related to false positives. Early in October, the Czech anti-malware product detected essential files in the Zone Alarm firewall applications as possible Trojan infections.