AVG Support Community
Same exact problem with the SCGeneric4.BPWA
My rundll32.exe file hasn't been updated since March, and I have scanned using other stuff and none are finding anything.
My short answer: this appears to be a false positive. (See below for details.)
I am using Windows 7, latest build 7601, and AVG Free v.16.121.7859. I also have just begun receiving these notices that SCgeneric4.BPWA TrojanHorse has infected rundll32.exe. (For me, the triggering event occurred when I went to adjust my time zone by clicking on the time just above the date in the taskbar, and then clicking on "Change date and time settings...", though for some reason, I did not get the AVG warning every time, but only sporadically [I'm guessing rundll32.exe may have still been in memory, only being caught by AVG when Windows decided to reload it from disk?!]).
I have done some sleuthing, and suspect that this warning is a false positive, caused by a recent Windows Update, which replaced the 2009 version of rundll32.exe with one dated in 2017 (March 30, 2017, 45,056 bytes, created at the same time as my June Windows Update that I did on June 14, 2017). I went back to two backups to verify this, by examining rundll32.exe that was backed up on June 2 (prior to the June 14th Windows Update), and the one backed up on July 1 (after the same Windows Update). The current versions in C:\Windows\System32, and also in C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.1.7601.23755_none_da6bed36226a053d, are byte-for-byte identical to the one backed up on July 1, but differ from the older one from 2009, backed up on June 2nd. The older version was used with Windows 7 Build 7600, the current version is used with Build 7601 (as displayed on my desktop wallpaper, and in the file properties dialog).
I noted that the creation date of the file (rundll32.exe) was June 14, 2017, within seconds of the time stamp for my June 14th Windows Update "2017-06 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4022719)". The 'Date modified' from the Windows Properties window was originally March 30, 2017, but has been updated after AVG has removed the file, and Windows has recreated it (I presume), so is now dated July 23, 2017 on my system. But the file is byte-for-byte identical to the backed-up March 30th version.
While not conclusive, there's enough 'evidence' here to lead me to suspect a false positive. I can send a zip file containing my current rundll32.exe, if that would be of interest, but would need an email address or other instructions. (Too bad, but I don't see how to attach it here!) (I did submit the last rundll32.exe caught by AVG, using the 'submit for analysis' function in the Virus Vault, and presume it is the same as the one I have saved in the zip file on my hard drive.)
July 23, 2017
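The byte-for-byte comparison described in the post above, as an added example that is not part of the original thread: it groups labelled copies of a file by size and SHA-256 so that matching and differing copies stand out, and it tolerates a copy that has been removed in the meantime. The labels and file contents are constructed stand-ins; on a real system the paths would point at the System32 copy, the winsxs copy and the two backups.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_file(path, chunk_size=65536):
    """SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def group_identical(copies):
    """Group labelled copies by (size, SHA-256).

    copies maps a label to a file path. Returns (groups, missing): groups is a
    list of sorted label lists, one per distinct content; missing lists labels
    whose file could not be read (e.g. removed by the scanner mid-check).
    """
    by_content, missing = defaultdict(list), []
    for label, path in copies.items():
        try:
            key = (os.path.getsize(path), sha256_file(path))
        except OSError:
            missing.append(label)
            continue
        by_content[key].append(label)
    return sorted(sorted(g) for g in by_content.values()), missing


def demo():
    """Constructed stand-ins for the copies compared in the post (not real binaries)."""
    new, old = b"MZ" + b"\x17" * 64, b"MZ" + b"\x09" * 64
    contents = {"System32": new, "WinSxS": new,
                "backup 2017-07-01": new, "backup 2017-06-02": old}
    with tempfile.TemporaryDirectory() as tmp:
        copies = {}
        for i, (label, data) in enumerate(contents.items()):
            copies[label] = os.path.join(tmp, f"copy{i}.bin")
            with open(copies[label], "wb") as fh:
                fh.write(data)
        copies["quarantined"] = os.path.join(tmp, "gone.bin")  # never created
        return group_identical(copies)


if __name__ == "__main__":
    groups, missing = demo()
    print(groups, missing)
```

Identical digests show that the live file matches the component-store and backup copies; they do not by themselves show where that content came from.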
I have questions: 1) What is the deal with AVG asking for these screen shots? The first poster asked a question with all of the information that would be in a screen shot: "I started getting a warning that my Rundll32 is infected with TrojanHorse SCGeneric4.BPWA." Why can you not look that up? Why the delay in getting a screen shot?
2) Even if it is a business version, why can you not just TELL US the answer to the question? Is it a false positive or not? Is it a secret? (Must be.)
3) You still did not totally answer the question about the false positive, but said to upgrade to the new version. WHY? You can not flag it in the old version? Should we turn it off and back on to see if that fixes it too?
Why all of the delays? This is kind of serious, especially for business customers, for which you will be losing this one. This is not funny anymore.