
SANS ISC: AVG Update Bricking windows 7 64 bit - SANS Internet Storm Center SANS ISC InfoSec Forums

AVG Update Bricking Windows 7 64 bit

We've had a few reports on AVG updates breaking things on Windows 7 64 bit (thanks Bill, et al.).

The problem lies with the mandatory update. 

The AVG site has some info on how to deal with the issue here

  • Basically get the machine started somehow (use AVG Rescue Disk or any Linux Live CD). In the windows/system32/drivers directory rename everything starting with avg. Reboot and your system will be back (minus the AV). I guess it will then be a matter of waiting for it to be fixed, reinstall or change to something else.



392 Posts
ISC Handler
Dec 3rd 2010
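
The rename step described in the diary above, as an added example that is not part of the original post or of AVG's instructions: a POSIX shell function for a Linux live CD session that renames the `avg*` files reversibly. The mount point, the `.disabled` suffix and the function names are assumptions, and the Windows volume must already be mounted read-write.

```shell
#!/bin/sh
# Added example, not AVG's tooling. Assumes the Windows system volume is
# already mounted read-write from the live CD (mount point is a placeholder).

# Resolve a path below $1 case-insensitively, one component at a time:
# on disk the directory may be Windows/System32 or WINDOWS/system32.
resolve_ci() {
    cur=$1; shift
    for part in "$@"; do
        match=$(ls -1 "$cur" | grep -i -x -- "$part" | head -n 1)
        [ -n "$match" ] || return 1
        cur="$cur/$match"
    done
    printf '%s\n' "$cur"
}

# Append a suffix to every regular file in the drivers directory whose name
# starts with "avg" (any case). Prints the number of files affected on
# stdout and progress on stderr. DRY_RUN=1 lists the files without renaming.
disable_avg_drivers() {
    root=$1; suffix=${2:-.disabled}; count=0
    dir=$(resolve_ci "$root" windows system32 drivers) || {
        echo "drivers directory not found under $root" >&2; return 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            *"$suffix") continue ;;       # already renamed by an earlier run
            [Aa][Vv][Gg]*) ;;             # candidate: fall through to rename
            *) continue ;;
        esac
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would rename: $f" >&2
        else
            mv -- "$f" "$f$suffix" || return 1
            echo "renamed: $f" >&2
        fi
        count=$((count + 1))
    done
    echo "$count"
}

# Usage from the live CD shell: sh script.sh /mnt/windows
if [ "$#" -gt 0 ]; then disable_avg_drivers "$@"; fi
```

Running it once with `DRY_RUN=1` shows which files would be touched. Because the files are renamed rather than deleted, stripping the suffix restores the original names.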
More info here:

AVG help:
Home and Free customers: +1-877-367-9933
Business customers: +1-828-459-5436

Gentle reminder. If you are running TrueCrypt or similar, you may need to decrypt the system disk before attempting a rescue.

10 Posts
There were issues for non 64 bit Win 7 boxes. With Version 9 (paid corporate edition), we experienced having our users receive interactive messages asking them to install the AVG toolbar. AVG told me that this was another issue with that update and the toolbar request should have only gone to home users. We intentionally don't install the toolbar on business instances. Another issue noted was that the "safe search" IE plug in feature would crash IE 7 and IE 8 if you had Bing or Live Search (same thing) set as your default search provider. We had to disable this feature until there is a fix.

This issue brings up the issue of AVG's QA processes. I dealt with the McAfee update from hell earlier this year with another customer. In both cases it appears that basic QA controls would have prevented the release of the problematic updates. I have had discussions with my customers about delaying updates to both definition updates and app updates so that testing can be performed. That is a catch 22 when you have 40K+ new malware variants identified daily. Anyone testing every definition and app update release in your environment?

This is one more case for whitelisting in combination with traditional AV. You could easily delay app/def updates for days for testing if you had a solid whitelisting solution in place. Food for thought.
Saw this issue with XP 64bit, 7 64bit and SBS2008 so far.

Quicker fix than the above from AVG.

Boot using AVG Rescue CD or any bootable OS disk.
Delete the AVG directory under program files (x86), the system should now boot.
Use the AVG removal tool to remove remaining files and reg entries.
Reinstall AVG and update if needed.

AVG has had so many false positives I finally gave up on them. If this is not one of those situations, it is still only a matter of time before they err on a clean system file and something similar to this happens.

25 Posts
I've been running AVG for a while and just like any other app it definitely has its hiccups ... and it dang near bricked my Win 7 ... restore worked. What freeware AV is everyone running with nowadays?
1 Posts
GMDGeek, lately I've been recommending Microsoft Security Essentials to the people I used to recommend AVG to. The heavy integration with Windows is a big benefit for unsophisticated users, because they never have to manually install an update to keep it current.
Wanted to chime in here. I want to requote David's post. MSE is a very good AV. It's one of those set and forget AVs. I also suggest Avast as their recent overhaul of the UI makes it a pleasure to work with.

If AV companies keep up this trend of bricking computers, I may start up my own computer repair shop.
When I googled MSE, I found a link ranking it, with the spokesman for AVG dissing it as not any good. Irony lives.
@Nate - thanks for the reminder
@Adam - thanks that will certainly also do it.
@stw - it will be an interesting day when one AV vendor says "you know what x's product is pretty darn good, better than ours even"

I usually suggest people use the MSE mainly because then they no longer call me to fix their machine. That is until MSFT bricks a machine through an AV update.

392 Posts
ISC Handler
I will have to try MSE. I have tried all previous MS attempts at Anti-malware. First was MS Antispyware (rebranded), then Defender and then did a proof of concept of the first generation of Forefront end point. I was not impressed with any of them. Maybe they finally got this figured out.
AVG used to it's as bloated and ineffective as Symantec is...very sad.

35 Posts
"MSE is a very good AV. It's one of those set and forget AVs..."

Maybe. Maybe not:

AV-Test Product Review and Certification Report - 2010/Q3


160 Posts
I was under the impression that "bricking" meant to render a device permanently useless (or at least requiring hardware firmware to be written). Has the definition changed to the point that bricking also means broken in software and not just firmware?
1 Posts
I too have given up on AVG. I used to recommend it, but now it has too many issues to continue use. It breaks Office 2000 Outlook often on WinXP with Adobe CS4 plugins, and on Windows 7 it gets too deep and breaks the built in security of it. More or less making all of Microsoft's own work a waste.

The Microsoft solution is not bad and does work well in most cases. You'll find some odd ones that make you say hmmm.. like Conficker (Down and Up.B) not being fully removed, but most of its targets are hit dead-on! I also like Avast and Avira. Have been exploring the Viper lately, but find that its corporate interface is weak. The rest (personal ed) seems okay.. so far.

Al of Your Data Center

80 Posts
I too wondered if the term "bricking" has changed definitions. I have only heard the term in reference to something hand-held or smaller where the firmware or ROM was changed to make the device unusable without a factory reset of the hardware.
Nathan Christiansen

20 Posts
