I have questions, 1) what is the deal with AVG asking for these screen shots? The first poster asked a question with all of the information that would be in a screen shot "I started getting a warning that my Rundll32 is infected with TrojanHorse SCGeneric4.BPWA." . Why can you not look that up? Why the delay in getting a screen shot?
2) even if it is a business version, why can you not just TELL US, the answer to the question? it is a false positive or not, it is a secret? (must be).
3) you still did not totally answer the question about the false positive, but said to upgrade to the new version, WHY? you can not flag it in the old version? Should we turn it off and back on to see if that fixes it too?
Why all of the delays, this is kind of serious, especially for business customers, for which you will be losing this one, this is not funny anymore.
Hello Dave,
I'm sorry to hear about this. Please share a screenshot of the AVG detection to assist you further. We will check with the screenshot and we will let you know about the detection. You can check the following link to see the instructions about taking the screenshot (http://support.avg.com/SupportArticleView?urlname=How-to-create-a-screenshot).
Best regards,
Alok.
Hello Al,
I appreciate your patience in this matter.
This particular threat detection is confirmed as False Positive.
Please update the program once and check whether the issue gets fixed.
Thank you.
Thank you for sharing the information here.
George,
From the screenshot, I see that you are using a very old version of the AVG product. Rundll32.exe is a supporting file of the Run command. Hence it is a false detection by the older AVG version. As mentioned in the previous post, please be informed that we are performing a major migration from 2016 to 2017 version.
We are performing this as a mandatory update and planning to maintain the 2017 as a standard version.
We are receiving feedback from customer to add or remove some of the features, the changes will be at the earliest as possible.
Hence please uninstall AVG older version as mentioned in this article ( http://avgread.me/1DEtNP0 ) and reinstall AVG 2017 version by going to AVG downloads page at https://www.avg.com/en-us/download .
Thank you.
I have forwarded this to senior team for further suggestion.
Please keep checking the post to know about the status.
Thank you.
Thank you for providing screenshot. Are you using AVG business edition in your PC? If so, we request you to contact our AVG business support team as this community deals with the technical queries regarding AVG home products. To contact AVG Business team, please click on http://www.avg.com/us-en/customer-support-business or use below numbers:
USA & CA: +1 (855) 738-1284
AU & NZ: +61 280 152 133
UK: +44 1163 668 543
Thank you.
Dave, For your info, just in case that you are unaware, you can post the screenshot here in your topic. Click on 'Answer' & then click on the 'Image' [mountain symbol] & follow the instructions.
AVG Guru
Eric,
Sorry to hear that. In some cases, AVG virus vault won't allow some files to restore but if you check the file location it would have been restored. Please check that Rundll32.exe file location and make sure that if it is restored or not. If you don't find the file in that location, do you encounter any error while trying to restore that file from AVG virus vault? If so, please share the screenshot of it to assist further.
Thank you.
My short answer: this appears to be a false positive. (See below for details.)
I am using Windows 7, latest build 7601, and AVG Free v.16.121.7859. I also have just begun receiving these notices that SCgeneric4.BPWA TrojanHorse has infected rundll32.exe. (For me, the triggering event occurred when I went to adjust my time zone by clicking on the time just above the date in the taskbar, and then clicking on "Change date and time settings...", though for some reason, I did not get the AVG warning every time, but only sporadically [I'm guessing rundll32.exe may have still been in memory, only being caught by AVG when Windows decided to reload it from disk?!]).
I have done some sleuthing, and suspect that this warning is a false positive, caused by a recent Windows Update, which replaced the 2009 version of rundll32.exe with one dated in 2017 (March 30, 2017, 45,056 bytes, created at the same time as my June Windows Update that I did on June 14, 2017). I went back to two backups to verify this, by examining rundll32.exe that was backed up on June 2 (prior to the June 14th Windows Update), and the one backed up on July 1 (after the same Windows Update). The current versions in C:\Windows\System32, and also in C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7601.23755_none_da6bed36226a053d, are byte-for-byte identical to the one backed up on July 1, but differ from the older one from 2009, backed up on June 2nd. The older version was used with Windows 7 Build 7600, the current version is used with Build 7601, (as displayed on my desktop wallpaper, and in the file properties dialog).
I noted that the creation date of the file (rundll32.exe) was June 14, 2017, within seconds of the time stamp for my June 14th Windows Update "2017-06 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4022719)". The 'Date modified' from the Windows Properties window was originally March 30, 2017, but has been updated after AVG has removed the file, and Windows has recreated it (I presume), so is now dated July 23, 2017 on my system. But the file is byte-for-byte identical to the backed-up March 30th version.
While not conclusive, there's enough 'evidence' here to lead me to suspect a false positive. I can send a zip file containing my current rundll32.exe, if that would be of interest, but would need an email address or other instructions. (Too bad, but I don't see how to attach it here!) (I did submit the last rundll32.exe caught by AVG, using the 'submit for analysis' function in the Virus Vault, and presume it is the same as the one I have saved in the zip file on my hard drive.)
Al Sirutis
July 23, 2017
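The comparison described in the post above, generalized as an added example (not part of the original post and not AVG tooling): it hashes a flagged file and reports which labelled reference copies are byte-for-byte identical to it. The file contents, the temporary paths and the `backup_may` entry are constructed stand-ins, not real binaries.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash the file in blocks so it is never loaded into memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_copies(flagged, references):
    """Return {label: 'identical' | 'differs' | 'missing'} for each reference copy."""
    size, digest = os.path.getsize(flagged), sha256_of(flagged)
    verdicts = {}
    for label, path in references.items():
        if not os.path.isfile(path):
            verdicts[label] = "missing"
        elif os.path.getsize(path) != size:
            verdicts[label] = "differs"  # size mismatch settles it without hashing
        else:
            same = sha256_of(path) == digest
            verdicts[label] = "identical" if same else "differs"
    return verdicts


def demo():
    """Build constructed stand-ins for the copies named in the post and compare them."""
    new = b"MZ" + b"\x01" * 45054  # 45,056 bytes, like the 2017 file in the post
    contents = {
        "system32": new,                          # the flagged file
        "winsxs": new,                            # component store copy
        "backup_july1": new,                      # backup taken after the update
        "backup_june2": b"MZ" + b"\x02" * 44030,  # older build, constructed size
    }
    d = tempfile.mkdtemp()
    paths = {}
    for name, data in contents.items():
        paths[name] = os.path.join(d, name + "_rundll32.exe")
        with open(paths[name], "wb") as f:
            f.write(data)
    paths["backup_may"] = os.path.join(d, "no_such_backup.exe")  # absent on purpose
    return compare_copies(paths.pop("system32"), paths)


if __name__ == "__main__":
    print(demo())
```

Matching digests show only that the flagged file has not changed since the reference copy was made, which is why the post calls the evidence not conclusive.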
Hello Dave,
I really appreciate your effort in resolving this issue. If the issue still persists, please take a screenshot of the error message for us to assist you further.
Best regards,
Alok.
Well…unfortunately I ran the AVG rescue disk which actually just deleted RunDLL. I replaced it with a RunDLL from another machine that was dated 13 Jul 09 (so I can't get a screen shot of the detection since this one passes the scan). The one it replaced was quite a bit newer but I noticed some of the other \System32 files have a 13 Jul 09 date. It could be that this was a valid alert and the RunDLL was replaced prior to 9 July and AVG only just now got the update to catch it.
I'll know more when my recent patches run again (if they replace RunDLL).
Oh…and I'm sorry about the double post…I'm new to this forum.
Cheers!
Dave
Same exact problem with the SCGeneric4.BPWA
my rundll32.exe file hasn't been updated since March and I have scanned using other stuff and none are finding anything
During a test with the current virus database (4779 / 14730) on a Windows 7 x64 machine AVG doesn't detect rundll32.exe anymore, so updating the virus database should suffice to solve the issue now.
Dirk Knop, Jakobsoftware
Please be informed that we are performing a major migration from 2016 to 2017 version.
We are performing this as a mandatory update and planning to maintain the 2017 as a standard version.
We are receiving feedback from customer to add or remove some of the features, the changes will be at the earliest as possible.
Hence please uninstall AVG 2016 version as mentioned in this article ( http://avgread.me/1DEtNP0 ) and reinstall AVG 2017 version by going to AVG downloads page at https://www.avg.com/en-us/download .
Thank you.