Using the AVG False Positive User32.Dll Fix/Restore Tool
Many of our readers wrote telling that AVG AntiVirus Update 270.9.0/1777 caused serious problems with their Windows XP systems, deleting the User32.dll (false-positive issue) which prevented Windows XP from starting. AVG has documented this problem in their support pages immediately, and also released a definition update which does not has this problem.
They’ve also released a fix-it tool that can restore the quarantined User32.dll in the affected computers. If the file User32.dll is not available in the quarantined location (AVG Vault), then this tool gets a copy of the file from DllCache folder and places it in the System32 folder. This utility can be used if you don’t have a Windows XP CD and if the Windows XP Recovery Console is not installed in the system.
After restoring the User32.dll file, the tool disables AVG Resident Shield monitoring by renaming the corresponding executable files so that the problem does not surface again upon next boot. The user is supposed to update AVG virus definitions, rename the modules back and then restart the computer.
REF: AVG FAQ 1575: False positive "user32.dll" - fix tool.
We have prepared an utility which can fix the issue mentioned above. You can use the following boot media: either CD-ROM or USB flash drive. If you decide to use CD-ROM, please follow the instructions in part A), in case of USB flash drive follow the steps in part B). When finished it is necessary (in both cases) to follow additional instructions described in part C).
I created the boot CD and used it in my clients systems successfully to restore the user32.dll file. Here is a detailed write-up on the same.
Creating and Using the Bootable CD
From another computer running Windows XP/Vista/2003, perform the following steps to create the AVG User32.dll Fix - Boot CD.
1. Download bootcd_en.iso (~9 MB) from AVG Website
2. Download ISO Recorder PowerToy and install it.
3. Right-click bootcd_en.iso file and choose Copy image to CD
4. Follow the instructions and create a bootable CD.
5. Insert the CD into the CD-ROM drive of the affected computer and restart the computer. If it does not boot up from the CD, you may have to set the boot order (CD drive as the first boot device) in the BIOS setup.
6. Press ENTER when you see the following screen:
As you see, the tool tries to restore the quarantined file (user32.dll) from the AVG Vault folder. If it’s missing, then the DllCache folder is used as the source.
Update AVG and Re-activate the Resident Shield
Remove the boot CD and restart the computer. You should be able to start Windows XP now, with the Resident Shield disabled. The Update feature works fine though.
Right-click on the AVG icon in the Notification area and choose Update now. Follow the instructions and install the update.
Open the "C:\Program Files\AVG\AVG8" folder using Windows Explorer. Rename avgrsx.exe_off to avgrsx.exe & avgsched.dll_off to avgsched.dll.
Restart Windows so that the AVG Resident Shield starts working.
Copyright © 2008 Ramesh Srinivasan. All rights reserved.
RELATED POSTS
- Vista User Account Control (UAC) Replacement Tool From Norton Labs
- Add “Lock Workstation” Command to the Windows XP Start Menu
- Outlook 2003 Not Listed in Default Programs
- Default Programs List Is Completely Empty
- Is the Snipping Tool Missing in Your Windows Vista PC?
- Perform a System Restore Rollback on a Non-Bootable Windows XP Computer
- How to Reduce the Space Allotted to System Restore in Windows Vista
- How to Update the Repair Folder in Windows XP Using NTBackup
- Restore Point Creation Disabled by Group Policy
- Fix for System Restore Error 0×8007007B in Windows Vista
Like this site? Make sure you
November 28th, 2008 at 4:26 am
Work perfectly.
thanks.
November 21st, 2008 at 7:20 am
Take my advise carefully and thoughtfully, I’m not familiar with the fix/restore tool. Any advise from the supplier is probably better than mine.
Try making a second CD; the first one you made may may be corrupt.
Annie: From your description it is not clear if the boot loader or kernel is failing. After trying a second CD, if it doesn’t work, try using the boot-able USB drive method that I believe the supplier has.
Chris: After trying a second CD, if it stays stuck at the same location, try ctrl-c or ctrl-\ to break the shell. If you get a prompt, be careful you probably are root, type “fdisk -l” (that is the letter el, not a number 1) and write down what you see. These are disk devices, maybe there is something about yours that is not anticipated by the supplier. See if the supplier can help you, if you can get that information to them.
November 19th, 2008 at 8:46 pm
nothing happens in step 6 when i press enter. it just stays on that screen. any suggestions?
November 18th, 2008 at 7:24 pm
When I boot from CD in affected computer the booting process freezes after a couple of lines. Any ideas?
November 14th, 2008 at 6:23 am
Interesting that they use ttylinux as a base.