Avast! is removing winword.exe Win32:Evo-gen [susp], false positive

[beedub]

Help! Avast!, which i think is great, keeps removing Winword.exe as a Win32:Evo-gen [susp] but if i restore it and scan it, it is clean. It is the 1999 version. right from the disc - it's clean also. how can i restore it? never had this problem before, have submitted it etc. Need my Word program!

[GeoffL]

For info, I have the same problem with my wife's netbook (Asus Eee PC running Win XP Home). We have Word 2000 and have used this for years without issue until the latest Avast definition update.

I can't find a way of excluding Word from on-demand checking (and not sure I'd want to anyway, since Word macros are a major malware vector). So, for the time being, I've switched my wife to Open Office as that can do just about everything she needs Word for anyway. I've reported the false positive, so hopefully Avast will resolve the issue. In the meantime, we'll just have to continue using Open Office or switch to another AV solution.

[Pondus]

when you have the file in chest....right click and upload to avast lab as false positive
you may add a link to this topic in case they reply

[GeoffL]

I hope what I infer from your post is incorrect as that would imply a major UI failure for Avast. As I understand it, I've already reported the false positive. Here's what I did:

• Following the first warning, I uninstalled Office 2000 from my wife's machine, removed the associated registry hives, and deleted the Microsoft Office folder in Program Files.
• Rebooted the computer then carried out a fresh install from the original CD.
• Tried to launch Word, only to get the same Avast warning.
• Clicked the link in the warning to report the false positive, and followed on-screen prompts to submit.

Do I also need to right-click and upload the file to the Avast lab? Or is what I've done sufficient?

TIA,

Geoff

[Pondus]

Do I also need to right-click and upload the file to the Avast lab? Or is what I've done sufficient?

should be ok..... but if file is already in chest, you have the option to do it from there


avast! 7.x: Using the Virus Chest
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1406

[beedub]

i removed various recent trial programs that were not needed and restored to 1 week ago- it seems ok now.

[GeoffL]

I'd be interested to know whether it stays that way as I suspect that by restoring to a week ago you might have removed the Avast change that started off the whole issue. If so, that issue is likely to return when Avast auto-updates itself (and hence reinstates what caused the FP in the first place).

[ChrisB]

Sorry, didn't spot this (searched for Word not winword) and started another thread for the same problem. An upgrade from avast 7.0.1466 to avast 8.0.1483 & reboot had no effect, but I then installed the latest Windows Updates, rebooted again and the problem has gone; Word runs normally.

Not sure what the important change was, it could be that the virus definitions updated at reboot included a fix following your report.

Chris

[GeoffL]

We went out for a few hours and, when we came back, my wife opened Word. No Avast warning appeared, so I assume that the FP reports have been acted upon and the fix rolled out. That's what I call speedy service!

[minimalist]

Following the advice on this thread, I updated from avast 7.0.1466 to avast 8.0.1483 and I have installed the latest Windows updates.

However, it appears as though my previous version of avast (avast 7.0.1466) deleted Microsoft Word 2000 from my computer when it tried to, I suppose, deal with the false positive. I no longer have the disk for it. Is it possible to actually retrieve an older copy of my Microsoft Word 2000 or am I "screwed" for a lack of a better word.

[Pondus]

Is it possible to actually retrieve an older copy of my Microsoft Word 2000 or am I "screwed" for a lack of a better word.

is there any file in avast chest?

[minimalist]

Yes, there are multiple versions of winword.exe in there. One version is last changed from 2002 while the others were last changed from 2013.

[minimalist]

Would it just be a matter of right-clicking the oldest file and selecting "Add" or something?

[Pondus]

no...restore  file

but you may right click and scan it first to see if still detected

a copy will remaine in chest after restore, just in case. this you may delete when all is OK...no rush to delete anything from chest

avast! 7.x: Using the Virus Chest
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1406

[juliegnh]

Same thing happened to me today on a laptop with Office 2000 on it.  I restored the winword.exe from the chest but had to also exclude it from being scanned until this is fixed.  I did this under Settings, Global Exclusions.  Avast! 8.0.1483.  Is it now fixed?