Avast WEBforum
Other => Viruses and worms => Topic started by: utrobin on March 15, 2012, 01:39:47 PM
-
Hi! avast found few files infected with Win32:evo-gen. Please help to fix them - avast can not.
-
What are the file names and locations of the detections ?
Did they have [PUP] or any other suffix after the Win32:evo-gen malware name ?
Win32:*******-Gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.
What do you mean avast can't fix them, what error is displayed ?
Was it avast that detected them ?
-
Did they have [PUP] or any other suffix after the Win32:evo-gen malware name ?
i think this is the one Win32:Evo-gen [Susp]
Posted today
http://answers.microsoft.com/en-us/windows/forum/windows_8-system/displayswitchexe/32816f5a-00e5-4717-852d-85109dfb23d4
yesterday
http://www.atxcommunity.com/topic/10240-atx-program-not-opening/
-
Hi utrobin,
what files are being flagged as malicious? If you think those are false positives, please submit a false positive report. We are constantly monitoring this detection and updating it accordingly, so most false positives should be resolved soon. Since this is a generic detection avast! certainly won't be able to repair the infected files, sorry. If you are still seeing this detection even after virus definition update, please post more information about the flagged files (their name, location on hard disk etc.) so we can look at this issue in more detail.
Regards,
Peter Kovac
-
AVAST found them during the scanning at boot
yes, it is Win32:evo-gen[Susp]
different files showed infected, here is the list
from c:\program Files\Support Tools
addiag.exe
bitsadmin.exe
dsastat.exe
dupfinder.exe
extract.exe
httpcfg.exe
c:\WINDOWS\system32\mspaint.exe
and some other files
Attempt to fix it returns error 42060
I'm not sure, that it is false positive...
Thank you !
-
Hello,
I'm a Visual Dataflex 16.1 developer and now all my customers are having problens with this warning.
I installed Avast and i had the same problem.
For sure it's a false positive.
I hope you can find a fast solution.
Thanks
-
Hi charlest,
thanks for your report. This issue is already fixed and should be resolved in the next VPS update (hopefully in a few hours). Sorry for any inconvenience caused.
Thanks,
Peter
-
Ok, thanks for the fast reply.
-
I downloaded the new VPS Version: 120315-1 and I'm still having the problem.
-
I just sent to you the files from my email.
I don't have permission to reply the PM.
Thanks
-
The latest VPS (120316-00) doesn't flag the files as malicious anymore. Can you please confirm the issue has been resolved?
Regards,
Peter
-
It's solved.
Thanks
-
I've got 120317-0 and it still marks files as infected
-
What files are marked as infected now?
-
the same files are infected
see attachment
-
Hi! I have the same problem, only all of my Windows XP Pro system files seem to be infected. I use two hard drives with two separated systems (Win7 and XP Pro, not even any boot record recognizes the other), and the Win7 seems to be okay.
I just refreshed both the virus database and the software, and it's still coming up. I'm not sure if it's a mistake though. What is worse, WinXP tells me to use the original install disc to repair the files, because "necessary system files have been replaced with unrecognizable versions" or something like that, that may affect stability. I lost some programs too (like notepad.exe), I think those have been moved to quarantine. If I move to quarantine all the system files of WinXP I'm sure it won't ever start again, and I need that system. Repair didn't work. Any idea?
-
Hi minotaur,
please follow instructions written here: http://forum.avast.com/index.php?topic=53253.0 (on the Win XP of course). It is indeed very strange that so many system files of Windows XP are being flagged as infected. Does not look like a false positive to me, especially if Windows itself recognizes them as invalid. I also recommend you to start a separate thread, describe the problem and attach the required logs (see link above).
Good luck,
Peter
-
Hi,
still having troubles with the files, could you please advice, what to do next?
Regards
Alex
-
Hi,
I have the same problem - Avast is showing Win32:Evo-gen [Susp] in almost all installation programs from www.jzk.pl (download from http://jzk.pl/pobierz) , supplier of software for small businness. Is it possible to chceck whether it is a serious threat or just a false allarm?
-
Still did not get any reply! Could anyone check whether the software from www.jzk.pl (download from http://jzk.pl/pobierz) is trustworthy??
-
Still did not get any reply! Could anyone check
what to do is posted in reply #16
and any suspicious file can be uploaded an tested at www.virustotal.com max 64mb
or at www.metascan-online.com max 50mb
and false positives can be reported here http://www.avast.com/contact-form.php
-
I have the same problem - Avast is showing Win32:Evo-gen [Susp] in almost all installation programs from www.jzk.pl (download from http://jzk.pl/pobierz) , supplier of software for small businness.
This is almost certainly a false positive. I am getting the same with files downloaded from my site (http://www.jeffg.co.uk). My programs are built using Microsoft Visual C++ in Visual Studio 2010. Someone else has the problem with programs built with Dev-C++. I have submitted a ticket but Avast seems to be doing nothing about this. Would be worth contacting the people at www.jzk.pl to find out what their programs are built with.
Edit: which programs from jzk.pl/pobierz show the problem? Because the first one I tried (Druczek Ultimate) was OK. I tried several others too, without a problem.
-
In my case this is certainly a false positive and is giving me a huge headache.
I have a program written in C + + and I compile it using MinGW. AVAST thinks this program is contaminated with WIN:Eco-gen, and I'm pretty sure is not because it is my own program. It is part of my installation package and is causing problems in all my customers.
What I want to know is what I have to do in my source code for the AVAST do not identify it as a virus?
-
1. In my case this is certainly a false positive and is giving me a huge headache.
2. What I want to know is what I have to do in my source code for the AVAST do not identify it as a virus?
1. You can report a possible FP here: http://www.avast.com/contact-form.php
2. Signing your program should help.
-
What I want to know is what I have to do in my source code for the AVAST do not identify it as a virus?
it is not identified as a virus .... it is identified as Suspicious Win32:Evo-gen [Susp]
-
Hello I was trying to open utorrent and then I get this alert
(http://i.imgur.com/ELkm637.jpg)
and avast deleted my utorrent.exe
I download again utorrent and when I'm trying to install I still get the same alert
any help what I can do?
thanks
-
Hello,
can you send us detected the file, please? Use https://www.avast.com/false-positive-file-form.php and in "Description" mention link to this forum thread.
Thanks,
Milos
-
Hello,
can you send us detected the file, please? Use https://www.avast.com/false-positive-file-form.php and in "Description" mention link to this forum thread.
Thanks,
Milos
File sent!
(http://preview.ibb.co/cNoFdv/avast_report_false_positive_utorrent.jpg)