AVG and Rising signatures update detects Windows files as malware

AVG's false positive causing downtime for Windows users is happening a week after Rising antivirus apologized to its customers for falsely detecting Outlook Express as malware leading to loss of emails, and yes, productivity too.

The impact of the false positive leads to a continuous reboot cycle :

"An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue."

"Unfortunately, the previous virus database might have detected the mentioned virus on legitimate files. We can confirm that it was a false alarm. We have immediately released a new virus update (270.9.0/1778) that removes the false positive detection on this file. Please update your AVG and check your files again.

We are sorry for the inconvenience and thank you for your help.

Best regards, Zbynek Paulen AVG Technical Support"

AVG and Rising aren't an exception to previous cases where components of Microsoft's Windows have been detected as false positives. In fact, in 2006 Microsoft's Anti-Spyware was detecting a competing solution as a piece of malware :

• CA's eTrust false positive for a Windows component - 2006
• Microsoft Anti-Spyware false positive for Norton Antivirus - 2006
• Kaspersky's false positive of Windows Explorer - 2007
• Symantec's false positive of Windows XP - 2007
• Trend Micro's false positive for Windows - 2008

Response time is crucial in such a situation, so the best thing the vendors can do is go public and provide assistance in fixing the problem.