My wife's laptop just got hit by this false positive, which leads AVG to wrongly isolate a file needed to start up XP.
AVG virus scanner removes critical Windows file
Nov.10, 2008 in News
An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.

Both AVG 7.5 and AVG 8.0 were affected by the update; a revised signature database has just been published that corrects this issue. People that have removed the user32.dll can either boot from their original Windows CD and choose the repair option, or use another CD to boot from and restore the file from C:\Windows\System32\dllcache. If you happen to need a bootable CD: my personal favorite is the Ultimate Boot CD (mirror of UBCD 4.1.1 ISO).
AVG claims to have approximately 80 million users worldwide; there is no official reaction on the AVG website yet, but FAQ item 1574 in their support section covers a “False positive user32.dll” and offers some advice on restoring your system using the Windows Recovery Console.
AVG’s popularity stems mainly from the free version they offer for home users; if you’re looking for an alternative free virus scanner for Windows I highly recommend Avast!. ClamWin is another alternative; it’s a Windows port of the popular Linux scanner ClamAV.
Update: AVG has responded on their forum, but there is no press release or other info on their main website yet, other than the info in their FAQ. The response in the forum:
Unfortunately, the previous virus database might have detected the
mentioned virus on legitimate files. We can confirm that it was a
false alarm. We have immediately released a new virus update
(270.9.0/1778) that removes the false positive detection on this file.
Please update your AVG and check your files again.
[...]
We are sorry for the inconvenience and thank you for your help.
Update 2: According to comments at ghacks, users of AVG version 7.5 might have an easier alternative: reboot in safe mode and disable the scanner, then update to the latest version.
Update 3: A reader suggested Avira as another alternative free virus scanner; I’ve never heard of it, but you can check it out here. And of course, if your virus scanner should ever detect a file that looks to you like a false positive, head over to virustotal.com and submit it to all major virus scanners at once!
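The dllcache restore described in the article, sketched as an added example (not code from the article or from AVG) for the case where the XP volume is mounted from a Linux-based boot CD. The function names and status strings are hypothetical, and the sample directory tree is constructed.

```python
import shutil
import tempfile
from pathlib import Path


def find_ci(parent, name):
    # Case-insensitive lookup: an XP volume mounted from a Linux boot CD may
    # show USER32.DLL, User32.dll or user32.dll.
    if parent is None or not parent.is_dir():
        return None
    return next((e for e in parent.iterdir() if e.name.lower() == name.lower()), None)


def looks_like_pe(path):
    # Sanity check: "MZ" header whose e_lfanew field (offset 0x3C) points at "PE\0\0".
    data = path.read_bytes()
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"


def restore_from_dllcache(windows_dir, name="user32.dll"):
    # Hypothetical helper: put the cached copy back only if the file is missing.
    system32 = find_ci(windows_dir, "system32")
    if system32 is None:
        return "no-system32"
    if find_ci(system32, name) is not None:
        return "present"              # never overwrite an existing file
    cached = find_ci(find_ci(system32, "dllcache"), name)
    if cached is None:
        return "no-cached-copy"       # use the Windows CD repair option instead
    if not looks_like_pe(cached):
        return "cached-copy-invalid"
    shutil.copy2(cached, system32 / name)
    return "restored"


def demo():
    # Constructed sample tree standing in for a mounted XP system drive.
    fake_pe = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
    with tempfile.TemporaryDirectory() as tmp:
        win = Path(tmp) / "WINDOWS"
        cache = win / "system32" / "dllcache"
        cache.mkdir(parents=True)
        (cache / "USER32.DLL").write_bytes(fake_pe)
        return [restore_from_dllcache(win), restore_from_dllcache(win)]


if __name__ == "__main__":
    print(demo())
```

On a real system, `windows_dir` would be the mounted volume's Windows directory; update the AVG signature database before the next scan so the restored file is not flagged again.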