Doubtful
join:2006-03-10
Brentwood, NY | Latest Windows update disables AVG antivirus
After installing the latest Windows update a few minutes ago I get an error at boot saying Avgcc.exe can't load because a DLL is occupying memory reserved for Windows. It says to ask the vendor for a new DLL.
Anyone know anything about this? |
|
rotty97
join:2005-06-30
Australia | No problems here, AVG 7.5 and have applied the latest Buffer Overflow for Windows XP SP2 patch. |
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31 | reply to Doubtful
quote:
No problems here, AVG 7.5 and have applied the latest Buffer Overflow for Windows XP SP2 patch.
|
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
1 edit | reply to Doubtful
Using AVG here as well....no problems with the KB925902 update.
Not too sure what to suggest at this point other than to be sure AVG is fully updated and perhaps another reboot. (?)
--
I had a life once.....now I have a Computer and a Modem. |
|
Doubtful
join:2006-03-10
Brentwood, NY
| OK thanks for the feedback. I did the reboot thing a few times and reinstalled AVG, no change. The only thing I can think of right now is that I have CrystalXP installed, but wonder why AVG triggers the error.
This is the complete message- "avgcc.exe - Illegal System DLL relocation
The system DLL user32.dll was relocated in memory. This application will not run properly. The relocation occurred because the DLL C:\Windows\system32\SHELL32.dll occupied an address range reserved for Windows system DLL's. The vendor supplying the DLL should be contacted for a new DLL." |
|
pudelein
join:2005-06-18
Oak Ridge, TN
| reply to Doubtful
I also had no trouble from AVG after installing KB925902 this evening. However, the same error reported by the OP appeared when I tried to launch Solitaire Plus! for some amusement. And there is also a problem for those with Realtek HD Audio Control Panel. See support.microsoft.com/default.asp.aspx/kb/935448 for a further hotfix that repairs the two applications I mentioned and maybe would fix AVG if that really has an issue. The problem concerns base address conflicts between user32.dll and hhctrl.ocx after the KB925902 patch. |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to Doubtful
Are you talking about this one ???
MS07-017: Vulnerability in GDI could allow remote code execution
This is the fix for the ANI exploit as well as other GDI related vulnerabilities.
It is very important to check for known issues before installing security fixes - a known issue affecting the MS07-017 may hit a lot of people, and if they do not read the documentation before allowing the fix to install via Automatic/Windows/Microsoft Update then they could be in for a shock.
"After you install this security update on a Windows XP Service Pack 2 (SP2)-based computer, Realtek HD Audio Control Panel (Rthdcpl.exe) may not start. Additionally, you receive an error message that is similar to the following:
Rthdcpl.exe - Illegal System DLL Relocation
The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.
For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
935448 (»support.microsoft.com/kb/935448/) The Realtek HD Audio Control Panel may not start, and you receive an error message when you start the computer: "Illegal System DLL Relocation."
If you experience this error after installing the ANI patch, please download and install the fix, available here:
»support.microsoft.com/kb/935448/
»msmvps.com/blogs/spywaresucks/ar···937.aspx
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
4 edits | reply to Doubtful
Boy, sorry Doubtful  , that's a really strange message and I don't have a clue what to suggest, nor can I imagine why it's asking you to 'contact the vendor' for a new DLL.
Hopefully, someone else will chime in here with a solution (or at least an explanation).
So far, you're the first one I've seen with this error...there may be others in the near future with the same complaint, unless it is unique to your setup somehow.
In the mean time, If I come across anything I'll let you know.
(EDIT)
Well...two replies while I was typing.
Guess I'm all thumbs tonight. 
Furthermore, this is just great....I've only updated one computer so far.
Two of my others have a Realtek HD Audio Control Panel.
Maybe I spoke too soon about 'no problems'.
Nothing like a critical patch released early because it's SO important, and then it starts breaking things. 
(And for the record, this is KB925902 I'm talking about here).
--
I had a life once.....now I have a Computer and a Modem. |
|
Doubtful
join:2006-03-10
Brentwood, NY | OK a follow-up; I installed the patch but that didn't fix the problem, Avgcc.exe still causes the same error and fails to load. I guess I'll uninstall the update for now and see if anyone else shows up with the same problem.
Thanks everyone. |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
1 edit | From Name Game 's link:
quote:
Note As of April 3, 2007, Microsoft is not aware of any other programs that are affected by this problem.
If you receive a similar message when you use other programs, contact Microsoft Customer Support Services to obtain the 935448 hotfix. If we confirm that other programs are affected by this problem, we will update Microsoft Knowledge Base article 935448 with more information
Well then, it looks like we're aware of at least one other program that's affected .....so far.
They may end up needing several new patches to fix the new patch.
--
I had a life once.....now I have a Computer and a Modem. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| said by jabarnut :They may end up needing several new patches to fix the new patch. If the disease doesn't kill you, the cure will.
I have the RealTek HD Audio. I also have Acronis True Image.
I'm still not sure if I want to install either of these patches, though.
The 'fix for the fix' requires WGA Validation, btw. |
|
Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
| reply to Doubtful
And also you know that your avgcc.exe is the control center for AVG..are you running the free version ? Did you have AVG running when you installed that update ?
see here..
»forum.grisoft.cz/freeforum/read.···ge=2,sv=
when you did unintall the update..did it fix your AVG ?
Did you try to uninstall then reinstall AVG the way they sugguest?
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
| reply to AB
said by AB :If the disease doesn't kill you, the cure will. I have the RealTek HD Audio. I also have Acronis True Image. I'm still not sure if I want to install either of these patches, though. The 'fix for the fix' requires WGA Validation, btw.
I hear you AB...I'm holding off on my other machines until further 'developments'.
This machine doesn't have RealTek HD Audio...but the others do.
They ALL have Acronis True Image though!
Wouldn't stay at home without it. 
--
I had a life once.....now I have a Computer and a Modem. |
|
fastpace
join:2006-02-15
Chicopee, MA | reply to jabarnut
I got the same error tonight using f-secure anti virus |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
| said by fastpace :I got the same error tonight using f-secure anti virus Well, there you have it folks....let the games begin. 
--
I had a life once.....now I have a Computer and a Modem. |
|
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
 ·Bell Sympatico
 ·Cogeco Cable
1 edit | reply to Doubtful
I'm not sure if this is related to the KB925902 update for XP sp2 systems but as soon as i downloaded and installed it i got a warning from my UnHackMe:
Start checking at 4/3/2007 time:10:45:34 PM
Hidden Process Detected:UPDATE.EXEPDATE PID=2848
UPDATE.EXE -Q -Z -ER /PARENTINFO:427BCF457DA68945B45A1DE3F14EC64C
Start checking at 4/3/2007 time:10:47:03 PM
Finishing checking at 10:47:04 PM
and all scans before that update were clean;
Start checking at 4/3/2007 time:10:40:34 PM
Finishing checking at 10:40:35 PM
-------------------------------------------------------
Start checking at 4/3/2007 time:10:41:33 PM
Finishing checking at 10:41:34 PM
-------------------------------------------------------
Start checking at 4/3/2007 time:10:42:33 PM
Finishing checking at 10:42:34 PM
-------------------------------------------------------
Start checking at 4/3/2007 time:10:43:33 PM
Finishing checking at 10:43:34 PM
-------------------------------------------------------
Start checking at 4/3/2007 time:10:44:33 PM
Finishing checking at 10:44:34 PM
may be it's a FP may be it's not but has anyone else seen or had this come up on their system after todays MS update was installed on their system.
--
I hear and forget. I see and remember. I do and understand. - Confucious (551 BC - 479 BC)
The real voyage of discovery consists not in seeking new landscapes but in having new eyes. - Marcel Proust (1871 - 1922) |
|
redxii
too big to fail
Premium,Mod
join:2001-02-26
Texas
Host:
/dev/null
Broadband Tweaks
Suddenlink
ISDN
Fiber Optic
| reply to Doubtful
I installed it on two computers with AVG & another without AVG and I don't see your error or anything similar in any programs.
You say you're using CrystalXP, I wonder if this is another "I made the permissions on a system folder too restrictive and now I'm blaming Microsoft for my problem"? Or it's that the software was already broken, it just took a security update to bring it out. |
|
jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
2 edits | reply to Doubtful
Wow!
This could be the gift that just keeps on giving the whole year long.
(Edit) I don't know RedXII1234...it looks to me like a few more problems are surfacing well beyond 'CrystalXP' as time goes on....guess we'll see.
--
I had a life once.....now I have a Computer and a Modem. |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
 ·Verizon FIOS
| reply to Doubtful
Here is the real reason.
said by kb935448 article :
This problem may occur after you install security update 925902 (MS07-017) and security update 928843 (MS07-008). The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if the program loads the Hhctrl.ocx file before it loads the User32.dll file. OK, so there are conflicting 'preferred base addresses' in two Microsoft-supplied DLLs. (A discussion of why there are preferred base addresses is outside the scope of this note).
If a process loads user32.dll first, user32 gets its preferred virtual base. hhctrl.ocx comes along later and gets relocated elsewhere, no problem.
If a process loads hhctrl.ocx first, it gets its preferred base. user32.dll comes along later, but can't be relocated because (I suppose) of something to do with it being one of the standard 'known DLLs' - maybe these have to be in the same virtual address in every process, I don't know.
It's probably 'unusual' to load an ocx before user32.dll? I dunno, I don't do that COM stuff.
--
Microsoft Security MVP, 2005-2007. |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
·AT&T U-Verse
1 edit | reply to AB
I have both the RealTek HD audio and Acronis TI on my laptop and neither was affected by the patch. I don't have AVG, so can't comment on that one.
Edited to add: I refused WGA and had no problems downloading the patch.
--
Team Discovery
|
|
