Repairing your PC from the AVG disaster with TRK
Thursday, November 13, 2008
No doubt millions of people will have the problem with the Grisoft Antivirus (AVG) that had a false positive on the windows user32.dll file.
I had some PCs coming in too. Luckily not too many because ever since AVG 8 came out, I 've been replacing it with Avast.
Nevertheless, some of my 'customers' still had an AVG and now had BSOD's.
Here 's a way you can fix it with TRK.
If you 're lucky, the computer you 're working on has lots of $Uninstall directories from patches and such where you will find older copies from user32.dll. Even better is where you have a folder called c:\windows\system32\dllcache where you will find even more DLLs.
Whatever version of user32.dll you find on the affected computer, always look for the newest and in general, biggest one.
Here 's how I got it fixed:
-An easy way to find your way around is to boot with TRK connected to your LAN.
-run 'fileserver -g' for ease of use when you 're on your own trusted home network. It will report you on which address you can find your PC back.
-browse with a (working) Windows PC to the ip address of the affected PC. F.i. do Start => Run => \\
-go to the share where the windows system is located, f.i. \\\hda1
-browse to the windows folder
-right click on it and search (different in Vista, but you 'lll know what I mean).
-search for 'user32.dll' and make sure it shows you the file size and date in the search results.
-look for the newest, generally biggest version of user32.dll
-copy it back to \windows\system32
-reboot the PC

-If this doesn 't fix it yet, it might be possible other files are missing or bad versions are in place. In my case, I had this with gdi32.dll.
-To figure out on what your PC is still crashing, hit F8 before it starts booting Windows and select the option where it says not to auto-reboot after a critical failure -With gdi32.dll, it said it was missing an entry point at some address. This generally is caused because some older version is in place.
-Do the same as with user32.dll: search for the newest, biggest version of this file and put it back.
-Reboot and rerun procedure on other possible files until successfull.

It 's always a good thing too to run the command 'ntfsfix /dev/hda1' (after or before fileserver is running): this will invoke a chkdsk at Windows boot time.

After success, AVG will normally update itself with a decent av signature database, but I recommend to uninstall it and put avast on it since AVG 7.5 will be out of support soon and AVG 8 is as slow and heavy as Windows Vista itself.

Also recommended: clean up the PC by removing all $Uninstall$ folders, clear dllcache folder, clear %temp% (commandline: cd %temp%, cd .., rd /s /q temp),clear temporary internet files (rd /s /q "temporary internet files"), empty recycle bin, uninstall any unneccessary apps and for those who really want to digg in deep: get Hijackthis from trendmicro and remove any stupid programs from startup like Adobe quicklaunch f.i. Also browser helper objects that don 't ring a bell with me always get removed by me.
Never a bad idea is to install SP3 (just be carefull with some wireless cards, activate restore point if unsure).
hope this helps
No comments yet

Add/Edit Comment 
Name *
eMail  Will not be published!
Homepage  Will not be published!
Security Code Security Code
Enter Security Code  Case INSENSITIVE
Comment *
 Notify on follow-up  (E-mail address required)
Note that your comment after submission has to be approved.
Thanks for your understanding.
Note: If you are a registered user, on login these form fields
will be pre-filled with your information.