if you find that AVG comes up telling you that you have a virus with
"user32.dll" or it states you have the PSW.bankers4 APSA do NOT heal or send
this file to the virus vault. Click on "ignore"

Also

make sure you are up to date in updates
Make sure it says last update 11/9/08- if not update immediately- do a
manual update.(this was fixed in this update)
and the Virus DB says 270.9.0/1778 (you will find this in "statistics" on
the left side.

Now go look in "History" "Virus Vault"
look to see if you have the an infection in there called user32.dll

If you do you need to do this immediately or when you try to restart your
computer you will find it cannot start.


- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.

This should put it back where it belongs.
If it doesn't allow you to restore it- you need to restart your computer in
SAFE Mode and do the same thing.

If this doesn't work then you need to do this

reboot your PC with the Windows XP

CD, hit in the upcoming menu the "R" on your keyboard, hit "enter",

answer password question with "enter" on your keyboard, after that

you get the command prompt c:\windows>
Type behind that prompt copy

c:\windows\$NTuninstallKB925902$\user32.dll c:\windows\system32 and

hit "enter" on your keyboard.

Remove the Windows XP CD, reboot, and Windows should function

normal again.

this file is a critical system file and many people found when they got this
alert and moved it to the vault or healed or or just did a regular scan and
it found it and moved it to the virus vault automatically they found once
they rebooted they died.

robin

robinb wrote:

> if you find that AVG comes up telling you that you have a virus with
> "user32.dll" or it states you have the PSW.bankers4 APSA do NOT heal

You're joking right? Does AVG test their own definition/pattern files?
"user32.dll" is an Operating system file...this would suggest to me
that AVG does not test their defintion/pattern files.

AVG has too many false positives for my liking and this is why I do not
use it or recommended it.

--
William Crawford
MS-MVP Windows Shell/User

i wish i was joking but it is all over the internet
unfortunetly they are not the only ones that do this.
I remember a few years ago Norton sent out an update that took off a system
file too and did not say it was a virus. when users restarted their
computers they found it would not start.
Avira which is suppose to be another good one, has its own problems too,
take a look at users problems on their forum
Unfortunetly nothing is sacred in software these days including OS's :P
robin
"WTC" <bcrawfordjr(remove)@hotmail.com> wrote in message
news:(E-Mail Removed)...
> robinb wrote:
>
>> if you find that AVG comes up telling you that you have a virus with
>> "user32.dll" or it states you have the PSW.bankers4 APSA do NOT heal
>
> You're joking right? Does AVG test their own definition/pattern files?
> "user32.dll" is an Operating system file...this would suggest to me
> that AVG does not test their defintion/pattern files.
>
> AVG has too many false positives for my liking and this is why I do not
> use it or recommended it.
>
> --
> William Crawford
> MS-MVP Windows Shell/User

Thanks for this Robin.

I guess this is yet another reminder to make sure we thoroughly investigate
ANY detection before deleting - or even quarantining - a suspect file.



"robinb" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> if you find that AVG comes up telling you that you have a virus with
> "user32.dll" or it states you have the PSW.bankers4 APSA do NOT heal or
> send this file to the virus vault. Click on "ignore"
>
> Also
>
> make sure you are up to date in updates
> Make sure it says last update 11/9/08- if not update immediately- do a
> manual update.(this was fixed in this update)
> and the Virus DB says 270.9.0/1778 (you will find this in "statistics" on
> the left side.
>
> Now go look in "History" "Virus Vault"
> look to see if you have the an infection in there called user32.dll
>
> If you do you need to do this immediately or when you try to restart your
> computer you will find it cannot start.
>
>
> - Choose "Virus Vault" option from the "History" menu.
> - Locate the file that was incorrectly removed and select it (one
> click).
> - Click on the "Restore" button.
>
> This should put it back where it belongs.
> If it doesn't allow you to restore it- you need to restart your computer
> in SAFE Mode and do the same thing.
>
> If this doesn't work then you need to do this
>
> reboot your PC with the Windows XP
>
> CD, hit in the upcoming menu the "R" on your keyboard, hit "enter",
>
> answer password question with "enter" on your keyboard, after that
>
> you get the command prompt c:\windows>
> Type behind that prompt copy
>
> c:\windows\$NTuninstallKB925902$\user32.dll c:\windows\system32 and
>
> hit "enter" on your keyboard.
>
> Remove the Windows XP CD, reboot, and Windows should function
>
> normal again.
>
> this file is a critical system file and many people found when they got
> this alert and moved it to the vault or healed or or just did a regular
> scan and it found it and moved it to the virus vault automatically they
> found once they rebooted they died.
>
> robin

"robinb" wrote
> this file is a critical system file and many people found when they got
> this alert and moved it to the vault or healed or or just did a regular
> scan and it found it and moved it to the virus vault automatically they
> found once they rebooted they died.

One of the very few things I'm sure about in this area is that I won't allow
any antimalware program to 'automatically' remove anything! I have all those
little boxes in AVG about automatically healing or quarantining UNTICKED by
default, and to anyone reading this, I'd suggest it's worth checking out.
Unfortunately they're scattered about all over the place:

Go to Tools > Advanced Settings. Now hunt for all the little 'Autoheal'
boxes and untick them:
There are 3 obvious ones under Scans (all the sub-menus)
But don't miss the ones under
Schedules/Scheduled Scan/How to Scan
Resident Shield

The sequence should be:
1. scan
2. detect
3. check file thoroughly.
4. quarantine if necessary
and the autoheal prevents you from doing that all-important third step.

This recent episode with AVG is a classic demonstration of the need to adopt
this approach.