Author Topic: Win32: evo-gen  (Read 32800 times)

Offline utrobin

  • Newbie
  • *
  • Posts: 5
Win32: evo-gen
« on: March 15, 2012, 11:39:47 AM »
Hi! avast found a few files infected with Win32:evo-gen. Please help to fix them - avast cannot.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69200
  • Gender: Male
  • No support PMs thanks
Re: Win32: evo-gen
« Reply #1 on: March 15, 2012, 12:10:10 PM »
What are the file names and locations of the detections?
Did they have [PUP] or any other suffix after the Win32:evo-gen malware name?

Win32:*******-Gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

What do you mean avast can't fix them? What error is displayed?
Was it avast that detected them?
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21649
  • Gender: Male
Re: Win32: evo-gen
« Reply #2 on: March 15, 2012, 01:20:33 PM »
Quote
Did they have [PUP] or any other suffix after the Win32:evo-gen malware name?
I think this is the one: Win32:Evo-gen [Susp]

Posted today
http://answers.microsoft.com/en-us/windows/forum/windows_8-system/displayswitchexe/32816f5a-00e5-4717-852d-85109dfb23d4

yesterday
http://www.atxcommunity.com/topic/10240-atx-program-not-opening/
« Last Edit: March 15, 2012, 01:23:57 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline kovac

  • avast! team
  • Newbie
  • *
  • Posts: 16
  • Gender: Male
Re: Win32: evo-gen
« Reply #3 on: March 15, 2012, 03:27:59 PM »
Hi utrobin,

what files are being flagged as malicious? If you think those are false positives, please submit a false positive report. We are constantly monitoring this detection and updating it accordingly, so most false positives should be resolved soon. Since this is a generic detection, avast! certainly won't be able to repair the infected files, sorry. If you are still seeing this detection even after a virus definition update, please post more information about the flagged files (their name, location on hard disk etc.) so we can look at this issue in more detail.

Regards,
Peter Kovac
Per aspera ad astra.

Offline utrobin

  • Newbie
  • *
  • Posts: 5
Re: Win32: evo-gen
« Reply #4 on: March 15, 2012, 03:50:36 PM »
AVAST found them during the scanning at boot
yes, it is Win32:evo-gen[Susp]

different files showed infected, here is the list
from c:\program Files\Support Tools
addiag.exe
bitsadmin.exe
dsastat.exe
dupfinder.exe
extract.exe
httpcfg.exe

c:\WINDOWS\system32\mspaint.exe

and some other files

Attempt to fix it returns error 42060

I'm not sure that it is a false positive...

Thank you !

Offline charlest

  • Newbie
  • *
  • Posts: 5
Re: Win32: evo-gen
« Reply #5 on: March 15, 2012, 05:03:42 PM »
Hello,

I'm a Visual Dataflex 16.1 developer and now all my customers are having problems with this warning.
I installed Avast and I had the same problem.
For sure it's a false positive.
I hope you can find a fast solution.

Thanks
« Last Edit: March 15, 2012, 09:04:16 PM by charlest »

Offline kovac

  • avast! team
  • Newbie
  • *
  • Posts: 16
  • Gender: Male
Re: Win32: evo-gen
« Reply #6 on: March 15, 2012, 05:46:23 PM »
Hi charlest,

thanks for your report. This issue is already fixed and should be resolved in the next VPS update (hopefully in a few hours). Sorry for any inconvenience caused.

Thanks,
Peter
« Last Edit: March 15, 2012, 05:52:01 PM by kovac »
Per aspera ad astra.

Offline charlest

  • Newbie
  • *
  • Posts: 5
Re: Win32: evo-gen
« Reply #7 on: March 15, 2012, 06:48:45 PM »
Ok, thanks for the fast reply.

Offline charlest

  • Newbie
  • *
  • Posts: 5
Re: Win32: evo-gen
« Reply #8 on: March 15, 2012, 08:06:51 PM »
I downloaded the new VPS Version: 120315-1 and I'm still having the problem.
« Last Edit: March 15, 2012, 08:13:21 PM by charlest »

Offline charlest

  • Newbie
  • *
  • Posts: 5
Re: Win32: evo-gen
« Reply #9 on: March 15, 2012, 08:38:43 PM »
I just sent you the files from my email.
I don't have permission to reply to the PM.

Thanks

Offline kovac

  • avast! team
  • Newbie
  • *
  • Posts: 16
  • Gender: Male
Re: Win32: evo-gen
« Reply #10 on: March 16, 2012, 07:52:44 AM »
The latest VPS (120316-00) doesn't flag the files as malicious anymore. Can you please confirm the issue has been resolved?

Regards,
Peter
Per aspera ad astra.

Offline charlest

  • Newbie
  • *
  • Posts: 5
Re: Win32: evo-gen
« Reply #11 on: March 16, 2012, 12:05:04 PM »
It's solved.

Thanks

Offline utrobin

  • Newbie
  • *
  • Posts: 5
Re: Win32: evo-gen
« Reply #12 on: March 17, 2012, 02:39:51 PM »
I've got 120317-0 and it still marks files as infected

Offline kovac

  • avast! team
  • Newbie
  • *
  • Posts: 16
  • Gender: Male
Re: Win32: evo-gen
« Reply #13 on: March 17, 2012, 04:04:10 PM »
What files are marked as infected now?
Per aspera ad astra.

Offline utrobin

  • Newbie
  • *
  • Posts: 5
Re: Win32: evo-gen
« Reply #14 on: March 17, 2012, 04:20:36 PM »
the same files are infected
see attachment

 
