Avast WEBforum
Other => Viruses and worms => Topic started by: mike107 on April 18, 2013, 04:17:08 PM
-
Hi my avast software found and deleted a rootkit virus (filename trz47.tmp) which it said was a Win32:Evo-gen [susp]
So I did a boot scan of the whole machine and it found 2 more which it moved to the chest:
Name:
A0119204.sys
Original location:
C:\System Volume Infomation\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336
Last changed:
25/06/2004 00:31:28
Transfer time:
17/04/2013 11:51:20
Virus:
Win32:Evo-gen [Susp]
Name:
humaxst.sys
Original location:
C:\WINDOWS\system32\drivers
Last changed:
17/04/2013 08:15:14
Transfer time:
17/04/2013 09:15:17
Virus:
Win32:Evo-gen [Susp]
It recently found a Win32:IBryte-BC virus (see other thread at http://forum.avast.com/index.php?topic=121412.0 )
so I don't know if that is anything to do with these Evo-gen ones?
I've run AdwCleaner again, log attached
I ran MBAM again, didnt find anything, log attached
I ran OTL again, logs attached
Any idea what these Evo-gen things are? From what I've read they could be anything, though often harmless.
many thanks
-
Update: avast has put to more Win32:evo-gen files into chest now:
A0119294.exe
C:\System Volume information\_restore{.......}\RP1337
and
Media eLinker Setup25.exe
C:\Program Files\Humax Digital
The first one is suspiciously similar to the A0116736.exe Win32:IBryte-BC that it found a couple of days ago, could it be linked?
-
System restore has a copy of that file which Avast has found
The humaxst.sys is a false positive if you have Humax Set Top Box
-
Adobe Photoshop 6 was put into the virus chest. I got it straight back out. I've been using the same software for donkeys years. Avast said the program had a bad reputation. It is a very rare false positive by Avast.