
SANS ISC: AVG Update Bricking windows 7 64 bit SANS ISC InfoSec Forums

AVG Update Bricking Windows 7 64 bit

We've had a few reports on AVG updates breaking things on Windows 7 64 bit (thanks Bill, et al.).

The problem lies with the mandatory update. 

The AVG site has some info on how to deal with the issue here http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=94159

  • Basically get the machine started somehow (use AVG Rescue Disk or any Linux Live CD). In the windows/system32/drivers directory rename everything starting with avg. Reboot and your system will be back (minus the AV). I guess it will then be a matter of waiting for it to be fixed, reinstall or change to something else.

M

Mark

391 Posts
ISC Handler
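
One way to script the rename step described in the diary above from a Linux live CD, as an added example that is not part of the original post or AVG's own instructions. The mount point `/mnt/win` and the `.avg-disabled` suffix are assumptions chosen here; renaming with a fixed suffix keeps the change reversible once a corrected update is available.

```shell
#!/bin/sh
# Added example: reversibly disable AVG kernel drivers on an offline Windows volume.
# Assumption: the Windows partition is mounted read-write from the live CD, e.g.
# at /mnt/win (hypothetical mount point). SUFFIX is an arbitrary marker chosen here.
SUFFIX=".avg-disabled"

# Rename every regular file in DIR whose name starts with "avg" (any case).
# Prints one "old -> new" line per file; returns non-zero if nothing matched.
disable_avg_drivers() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    count=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # NTFS names keep their case, so compare on a lowercased copy.
        case $(printf '%s' "$name" | tr 'A-Z' 'a-z') in
            *"$SUFFIX") continue ;;   # already disabled by an earlier run
            avg*) ;;                  # AVG driver: fall through to the rename
            *) continue ;;            # unrelated driver: leave untouched
        esac
        mv -- "$f" "$f$SUFFIX" && echo "$name -> $name$SUFFIX"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]
}

# Undo the rename; prints the number of files restored.
restore_avg_drivers() {
    dir=$1
    count=0
    for f in "$dir"/*"$SUFFIX"; do
        [ -f "$f" ] || continue
        mv -- "$f" "${f%"$SUFFIX"}" && count=$((count + 1))
    done
    echo "$count"
}

# Run only when a drivers directory is given, e.g.:
#   sh avg-disable.sh /mnt/win/Windows/System32/drivers
if [ "$#" -ge 1 ]; then disable_avg_drivers "$1"; fi
```
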
More info here: http://preview.tinyurl.com/2f43nem

AVG help:
Everyone: updateissuehelp@avg.com
Home and Free customers: +1-877-367-9933
Business customers: +1-828-459-5436

Gentle reminder. If you are running Truecrypt or similar, you may need to decrypt the system disk before attempting a rescue.
Dshield

10 Posts
There were issues for non 64 bit Win 7 boxes. With Version 9 (paid corporate edition), we experienced having our users receive interactive messages asking them to install the AVG toolbar. AVG told me that this was another issue with that update and the toolbar request should have only gone to home users. We intentionally don't install the toolbar on business instances. Another issue noted was that the "safe search" IE plug in feature would crash IE 7 and IE 8 if you had Bing or Live Search (same thing) set as your default search provider. We had to disable this feature until there is a fix.

This issue brings up the issue of AVG's QA processes. I dealt with the McAfee update from hell earlier this year with another customer. In both cases it appears that basic QA controls would have prevented the release of the problematic updates. I have had discussions with my customers about delaying updates to both definition updates and app updates so that testing can be performed. That is a catch 22 when you have 40K+ new malware variants identified daily. Anyone testing every definition and app update release in your environment?

This is one more case for whitelisting in combination with traditional AV. You could easily delay app/def updates for days for testing if you had a solid whitelisting solution in place. Food for thought.
Anonymous
Saw this issue with XP 64bit, 7 64bit and SBS2008 so far.

Quicker fix than the above from AVG.

Boot using AVG Rescue CD or any bootable OS disk.
Delete the AVG directory under program files (x86), the system should now boot.
Use the AVG removal tool to remove remaining files and reg entries.
Reinstall AVG and update if needed.

Anonymous
AVG has had so many false positives I finally gave up on them. If this is not one of those situations, it is still only a matter of time before they err on a clean system file and something similar to this happens.
Greg

25 Posts
I've been running AVG for a while and just like any other app it definitely has its hiccups ... and it dang near bricked my Win 7 ... restore worked. What freeware AV is everyone running with nowadays?
Greg
1 Posts
GMDGeek, lately I've been recommending Microsoft Security Essentials to the people I used to recommend AVG to. The heavy integration with Windows is a big benefit for unsophisticated users, because they never have to manually install an update to keep it current.
Anonymous
Wanted to chime in here. I want to requote David's post. MSE is a very good AV. It's one of those set and forget AVs. I also suggest Avast as their recent overhaul of the UI makes it a pleasure to work with.

If AV companies keep up this trend of bricking computers, I may start up my own computer repair shop.
Anonymous
When I googled MSE, I found a link ranking it, with the spokesman for AVG dissing it as not any good. Irony lives.
Anonymous
@Nate - thanks for the reminder
@Adam - thanks that will certainly also do it.
@stw - it will be an interesting day when one av vendor says "you know what x's product is pretty darn good, better than ours even"

I usually suggest people use the MSE mainly because then they no longer call me to fix their machine. That is until MSFT bricks a machine through an AV update.
Mark

391 Posts
ISC Handler
I will have to try MSE. I have tried all previous MS attempts at Anti-malware. First was MS Antispyware (rebranded), then Defender and then did a proof of concept of the first generation of Forefront end point. I was not impressed with any of them. Maybe they finally got this figured out.
Anonymous
AVG used to rock...now it's as bloated and ineffective as Symantec is...very sad.
James

34 Posts
"MSE is a very good AV. It's one of those set and forget AVs..."

Maybe. Maybe not:

- http://www.av-test.org/certifications.php
AV-Test Product Review and Certification Report - 2010/Q3

.
Jack

160 Posts
I was under the impression that "bricking" meant to render a device permanently useless (or at least requiring hardware firmware to be written). Has the definition changed to the point that bricking also means broken in software and not just firmware?
Jack
1 Posts
I too have given up on AVG. I used to recommend it, but now it has too many issues to continue use. It breaks Office 2000 Outlook often on WinXP with Adobe CS4 plugins, and on Windows 7 it gets too deep and breaks the built in security of it. More or less making all of Microsoft's own work a waste.

The Microsoft solution is not bad and does work well in most cases. You'll find some odd ones that make you say hmmm.. like Conficker (Down and Up.B) not being fully removed, but most of its targets are hit dead-on! I also like Avast and Avira. Have been exploring the Viper lately, but find that its corporate interface is weak. The rest (personal ed) seems okay.. so far.

-Al
Al of Your Data Center

80 Posts
@marcbl
I too wondered if the term "bricking" has changed definitions. I have only heard the term in reference to something hand-held or smaller where the firmware or ROM was changed to make the device unusable without a factory reset of the hardware.
Nathan Christiansen

20 Posts
