Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 12 Nov 2008 8:45 am |
|
A faulty definitions updated caused AVG Anti Virus 7.5 and 8.0 to automatically quarantine and delete a required Windows XP System file; User32.dll, as soon a a scheduled scan came to that file, or when a user opened the System32 directory to search files in it. AVG released updated definitions shortly thereafter to fix the false positive. If your computer was still on and you checked for updates before shutting it down, you probably received the fixed definitions and are OK to operate as usual. You can read the details in an article on Network World.
If this update occurred while one of your PCs was operating and you either rebooted, or shut it down, before obtaining the updates that fixed the false detection, it will not boot into Windows again until you disable the AVG Resident shields using the Recovery Console and restore that file from your Windows CD or DVD. AVG has published some fixes on its support website.
If this has crippled your PC and you use Acronis True Image to make daily backups, insert your bootable Recovery CD (you made that CD when you installed Acronis, right?), boot into the recovery interface, locate the most recent backup of the entire computer and restore it to the C drive. You should be up and running within about a half hour, or so.
If you have Acronis but only make weekly backups your PC may be up to 7 days out of date. I make daily backups to avoid this situation. If you need help setting up a schedule to run daily Acronis backups there are several members here who can assist you, including me.
If you don't have any backup images, nor a Windows operating system CD /DVD, your hard drive might have a recovery partition hidden on it, from the computer's manufacturer. Reboot your computer and press the Pause key when the first screen appears. It will usually contain information about pressing a particular key to restore your computer to "Day-1" condition. You will lose everything you have saved or created since that day, but at least the PC will boot into Windows. This is a worse case scenario for most of you.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 12 Nov 2008 10:51 am
|
|
I just read about another method of recovery of an accidentally deleted User32.dll file.
The system can be restored by using the Windows XP Recovery Console to copy a backup of User32.dll into the System32 directory. If you have already installed the Recovery Console as a boot option, boot into it, then run the copy command listed in the next paragraph.
If you haven't installed the Recovery Console, but you do have your bootable Microsoft XP CD, it contains the Recovery Console. Boot from the Microsoft Windows XP CD and choose Setup Option "R" to Repair your Windows Installation using the "Recovery Console." You will be taken to a black screen with white text which will halt at a blinking command prompt (just like MS DOS). The Recovery Console command to type in would be as follows:
| Code: |
copy c:\windows\system32\dllcache\user32.dll c:\windows\system32\user32.dll
|
Press Enter and wait a second or two. If it reports "1 file copied" then the Windows boot portion of the problem is fixed. However, you will still need to disable the AVG Resident shields from the Recovery Console, as described on the AVG Support website, until you are able to boot into Windows and run a manual check for AVG updates and receive the patched definitions file. Don't forget to reactivate the resident shields after updating the definitions (as described on AVG Support site)!
If not try the following:
| Code: |
copy c:\windows\servicepackfiles\i386\user32.dll c:\windows\system32\user32.dll
|
If that doesn't work you will have to expand and copy it from the XP CD, as follows:
| Code: |
copy d:\i386\user32.dl_ c:\windows\system32\user32.dll
|
The above uses drive letter "d" as the source for the CD drive. Your CD drive letter may be different, depending on how many hard disks or partitions you have installed. So, if your Windows CD is in drive F, substitute F for D in the last command.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
