AVG 7.5472 deletes a system file
Monday, June 18, 2007 at 2:58 pm Windows 2000 Annoyances Discussion Forum
Posted by dhm
(966 messages posted)
I don't have a problem (now). I am just giving a warning.
Grisoft just distributed its new version, AVG 7.5472, replacing 7.5430. I
installed it yesterday and ran it this morning. I have a dual boot system and AVG
ran (w/o asking me) from the Win98 system. It found 4 instances of viruses. One
of them was SFC.DLL on my Win2K partition. I have 2 separate copies of AVG
-- one for each system. I do that with all the security programs because they might
not recognize the registry of the other OS.
Anyway, it said that it "healed" the files. That's a quote.
So then I booted to Win2K to get the daily update for AVG there and double check.
B.S.O.D. It said that some file necessary for startup was missing.
I had to run the basic repair from the product disc to sign on. That meant that any
missing files were replaced by the originals from the 2003 disc. Then I updated
AVG and ran a scan on the Win2K partition. Again, it "healed" SFC.DLL. Suspicious,
I checked. No, it did not heal it, it simply deleted the entire file.
Ad-Aware has a feature that you can tell it not to reexamine a file which gives a
false positive and it clearly tells you whether the file can be healed and asks you
if you want to delete it. AVG bulldozes ahead and "fixes" things automatically.
I copied SFC.DL_ from the I386 folder on the product disc and went
to command level and used the EXPAND.EXE utility to decompress that to SFC.DLL
in the WINNT\System32 folder.
Now, yesterday I had a boot problem (from a different and known cause that would
be TMI at this point) and ran the entire repair utility on Win2K. So the SFC.DLL
was both times the program from the CD.
AVG is giving a false positive for this file. It thinks the original SFC.DLL
has the signature for Trojan horse PSW.Banker.WQP. And it has a disastrous
solution.
This may not happen to anyone else. SFC.DLL may have been updated a long
time ago. I downloaded a huge single collection of the updates this morning and
will run it. But just be aware that one of the most popular antiviruses -- at this
point in time -- may invalidate your Win2K.