Multiple Trojan Horse SCGeneric2.AOEH detections Windows 10


6 replies to this topic

#1 Sylveon Fetish

  • Members

Posted 24 June 2017 - 07:22 PM

My AVG is picking up multiple threats in the C:\Windows\Assembly\ on my Windows 10 machine. In fact I see similar situations with every Windows 10 machine I have ever used. AVG finds on this machine:

 

Trojan Horse SCGeneric2.AOEH C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\8696a4d80c5ece818bcde1c5825fd806\System.Data.ni.dll

 

This threat appears in AVG every 5 seconds

 

Google has no information on this threat. In fact searching "SCGeneric2.AOEH" always says "No results for"




#2 buddy215

  • Moderator

Posted 24 June 2017 - 07:35 PM

I'm thinking this is likely a false positive. Have you contacted AVG or discussed this in AVG forums?

 

If you haven't run the scans below...do that.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 fjwben

  • Members

Posted 25 June 2017 - 01:09 AM

I just got this from AVG support:

 

Thank you for contacting AVG for Business by Avast.

 

It is "un-officially" being listed as a false positive. This issue was just discovered and reported to us on Friday and we have escalated it to the DEV team in Prague. We ask that you keep updating your definitions and scan regularly. As soon as the DEV team publishes the fix it will come through your updates. We do apologize for you experiencing this issue but ask that you have patience with us and our DEV team as we work on a solution. Thank you.



#4 buddy215

  • Moderator

Posted 25 June 2017 - 04:51 AM

fjwben...Welcome to BC and thanks for posting that.



#5 dtmoc

  • Members

Posted 25 June 2017 - 03:14 PM

fjwben

 

Thanks for posting.

Same issue - multiple systems after Creator's Update.

 

Also - no system can manually update.

Reports that "This function has been disallowed by the system administrator"

Uncertain as yet whether a scheduled update will succeed.



#6 Luke_Baylis

  • Members

Posted 26 June 2017 - 04:25 AM

Contacted AVG Support on this matter, have copied an email I received from AVG support to back up fjwben's post, states the following:

 

Hello Luke,

Thank you for contacting AVG.

#1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\481a57315052f41e27eb10e2eb54b739\System.Data.ni.dll (Critical .NET framework file)

#2 \twain32.dll

Those are the two that we are seeing more often as false positives. If you have deleted the System.Data.ni.dll a restart on that device might restore it but if not, then you will have to re-install the .NET framework.


It is "un-officially" being listed as a false positive. This issue was just discovered and reported to us on Friday and we have escalated it to the DEV team in Prague. We ask that you keep updating your definitions and scan regularly. As soon as the DEV team publishes the fix it will come through your updates. We do apologize for you experiencing this issue but ask that you have patience with us and our DEV team as we work on a solution.

Best regards,

Kevin Jaber
AVG Customer Care

 

 

Hope this helps anyone who was debating allowing/writing an exception for the SCGeneric2.AOEH error - was advised over the phone to 'ignore' however have had a few customers calling in regarding this saying they have a Trojan horse and are running in circles in the office panicking. Advise probably writing an exception for this until the fix is released within 48 hours as I was told by Kevin.


Edited by Luke_Baylis, 26 June 2017 - 04:28 AM.


#7 buddy215

  • Moderator

Posted 26 June 2017 - 02:01 PM

From the web...one of the AVG forums ...commenter is a victim with screen name Rose Computer

 

Rose Computer

Received this this morning...

Thank you for contacting AVG.
I do apologize for the inconvenience. This issue has been addressed and it is a false positive. The fix will be released in the next virus definition update (14607).
 
June 26, 2017
 
Can any AVG victim confirm that update 14607 has been released and if it repaired the damage or just removed the bad sigs/cause of the false positives?
