AVG issues incorrect virus signature

News by Dan Raywood

An update for the AVG virus scanner contained an incorrect virus signature.

An update for the AVG virus scanner contained an incorrect virus signature.


The update led the scanner to think that user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN, which caused AVG to recommend deleting the file. Keeping it caused the affected systems to either stop booting or go into a continuous reboot cycle.


Both AVG 7.5 and 8.0 were affected by the update and a revised signature database has just been published that corrects this issue. The company reported that anyone who has removed the user32.dll can either boot from their original Windows CD and choose the repair option, or use another CD to boot from and restore the file from C:\Windows\System32\dllcache.


In response, AVG said: “Unfortunately, the previous virus database might have detected the mentioned virus on legitimate files. We can confirm that it was a false alarm. We have immediately released a new virus update (270.9.0/1778) that removes the false positive detection on this file. Please update your AVG and check your files again. We are sorry for the inconvenience and thank you for your help.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike