Santiago Palladino

User32.dll deleted by AVG8

2 min
Nov 11 2008
security

Last night I was a victim of the AVG8 bug that marked User32.dll as a trojan (just a false positive). What annoys me the most is not the bug per se, but the fact that AVG's Heal option simply deleted the file without any warning or even backing it up (just a "may lead to system instability"), and that WXP just let it do it. Damn, it's a system file!

Anyway, I've just found a blog with a good solution for those who keep a WXP CD next to their PC "just in case":

When AVG has performed the same action on your PC, cleaning/removing user32.dll, reboot your PC with the Windows XP CD, hit in the upcoming menu the “R” on your keyboard, hit “1”, hit “enter”, answer password question with “enter” on your keyboard, after that you get the command prompt c:\windows>

Type behind that prompt
copy c:\windows\$NTuninstallKB925902$\user32.dll c:\windows\system32
and hit “enter” on your keyboard.

Hope it works!

Update: It worked, my home PC is back online! As a side note, there were several NTUninstall directories newer than 925902, although I didn't check all of them for a User32.dll, but maybe it could be possible to roll back to a newer User32. Anyway, since this one worked flawlessly, I'm not digging any more into the matter.