The E-Mail Bag
Beverly Rosenbaum
The Readers Write
Multiple Problems Reported with AVG

image 1This month we received lots of email about AVG update problems. The following reader’s question was typical:
I am continually having problems with my AVG Anti-Virus failing to download its definition updates. Instead it’s been telling me that I have an “Invalid Update Control CTF File”. What does this mean? How can I fix it? Does it mean I have to uninstall AVG and reinstall it?
Editor’s Note: The CTF files are temporary work files created by AVG each time it downloads an update. They contain information about previous updates. When AVG finds these files to be normal, they are deleted and the update is run, creating new files in their place. However, if they are damaged the entire process fails, producing this error message.
The default location for storing AVG update files (.BIN) and CTF files should be C:\Documents and Settings\All Users\Application Data\Avg8\update\download on Windows XP systems and C:\ProgramData\avg8\update\download for Windows Vista. By default, this folder is hidden from view, so you would need to enable Windows Explorer to show all hidden files in order to view the contents of the Application Data folder.
image 2Searching Google.com for the exact error message was easy and quite productive, because so many people experienced this problem. A couple of the sites I found are well worth mentioning here. One of them, in the blog section of WinHelp Online at www.winhelponline.com/blog/error-invalid-update-control-ctf-file-when-updating-avg-anti-virus-80/, includes a link to download a script (from www.winhelponline.com/blog/wp-content/uploads/oct08/del_avg_ctf.zip) that will automatically remove the problem files from either Windows version. Just save it to the Desktop, unzip the file, and run the script del_avg_ctf.vbs to delete the AVG Update .CTF files automatically, without having to find them yourself. The script runs fine in Windows XP and Windows Vista systems.
The Best Help
A very detailed explanation was found on the Strategy Online web site. Back in September, Gary James of South Africa first wrote about this error on his www.strategyonline.co.za/ blog page. Over 42,000 people read his post in the next 2 months, and more than 10,000 of them actually downloaded the utility he created to deal with the problem – which he called AVG Mechanic – from www.strategyonline.co.za/ftp/public/AvgMechanic.exe.
It detects the location of the .CTF files, tells you how many there are, and offers to delete them for you. (Vista users will have to right click on the file and select “Run as Administrator” in order to be able to remove these files.)
image 3
Most users preferred the dialog of the AVG Mechanic program over the “silent” background utility finally posted by AVG support, which required users to create a script file that would edit the Windows registry. Gary James’ efforts to solve the problem have not gone unnoticed, as AVG developers invited him to become one of their beta testers. He would be part of the team that tests new builds of AVG, providing feedback and offering suggestions, hopefully to help minimize the number of faulty updates issued in the future.
For those who would like to understand exactly how this works, he explains in detail in his blog that the CTF files are just plain text files (viewable using NotePad) used to store information about which AVG updates (BIN files) were downloaded and installed when. After his utility deletes the corrupted CTF files, AVG is forced to download the latest update BIN files, recreating new CTF temp files once they are installed. Then subsequent updates will be downloaded correctly.
False Positive for Trojan
If you were one of those people struggling with this update problem, you may have been one of the lucky ones who missed the faulty signatures that were included in Virus Database 270.9.0/1774, issued in early November. In that instance, AVG erroneously detected a critical Windows file as a threat containing a Trojan virus. An incorrect virus signature produced this false positive, indicating that user32.dll contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN.
image 4
AVG then recommended deleting (“Heal”) this essential file, which caused the affected systems to either stop booting or continuously reboot in a loop. The user32.dll is a module that contains basic functions related to the Windows graphical user interface, such as window management, user input, and other standard controls for buttons, boxes and input fields. It should never be disabled or removed without verifying that it is really infected. The trouble was reported for both AVG 7.5 and AVG 8.0 under Windows XP only, but other versions of Windows may have had the same issue. A new update released by AVG later the same day corrected the problem. Users who followed the AVG recommendation to remove the user32.dll file had to do quite a bit of work to get their systems running again. If they discovered the mistake before restarting their PCs, they could simply update AVG again to the later update and avoid any problems. Otherwise, they were forced to either boot from their original Windows CD and choose the repair option, or use another bootable CD or flash drive to restore the file from the C:\Windows\System32\dllcache folder.
Thanks once again to Modem Bob and the HALNet support team, whose research quickly provided instructions posted on-line.
We look forward to hearing from you! E-mail your questions or comments for this column to emailbag@hal-pc.org. Names and addresses are printed only with permission.