Win32:Evo-gen[susp] for my nvsvc32.exe

[darian]

Hi everyone,

I've used the free avast for a while now and it's been very good.  Just this morning after my computer turned on, i got a warning from avast saying that it found Win32:Evo-gen[susp] in my system32\nvsvc32.exe file.  All I had done was checked some emails (did not open any links and no suspicious emails or anything).

Avast told me to remove the file so i told it to do so.  Afterwards, avast said to restart my computer to do a boottime scan, which i did.  After the boottime scan & my computer started up, the same Win32:Evo-gen[susp] in my system32\nvsvc32.exe file thing was found again.  I then opened up avast and did a quick scan and it found the same thing & i selected the "automatically fix" option.  In the result on the right after i clicked to apply my option, it said action postponed until next reboot.  I rebooted and guess what?  It still found the same file as Win32:Evo-gen[susp] in my system32\nvsvc32.exe file.  Did avast not do anything after the reboot or what? 

In any case, i found this odd and i was doing some reading online and i scanned my system32\nvsvc32.exe file on the following sites as i found when looking up this topic on the avast forums:
www.virustotal.com/en/
www.metascan-online.com
www.jotti.org

Scanning the system32\nvsvc32.exe file on all 3 of those sites, the sites told me the file is clean!  What does this mean?  A false positive or something as i've been reading?  My computer doesn't seem slower and no popups are coming up (asides from the avast popup everytime i reboot my computer telling me the same Win32:Evo-gen[susp] in my system32\nvsvc32.exe file thing was found again).

Please help.

[Pondus]

You can upload files and report issues to avast  here : http://www.avast.com/contact-form.php  (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject:  False Positive / undetected sample (select subject according to your case)
zip password:  infected

or you can send files from avast chest
how to use the chest.    http://www.avast.com/faq.php?article=AVKB21

[darian]

Hi pondus,
I just sent it via the first link you gave.  Lets hope it's nothing.  Don't want to format if i don't have to
Darian

[bachboris]

Hi Darian, hi Pondus,

luckily I just found your post!
Yesterday I had exactly the same problem on my PC: your description matches perfectly the symptons on my machine. In addition to your activities, I bootet my PC from a DvD containing Linux and two independant virus scanners, just to be safe. Both scanners reported 0 findings on my boot drive c: containing the nvsvc32.exe, basically the same result as the quickscan result of Avast. Some more details:
- I am running Avast program 2014.9.0.2011 on a Windows XP machine
- Yesterday, Avast had a virus database version from ~10:15 PM, if I remember well

Now, 24h later and after updating to virus database version 140110-0, the symptons are gone without any further interaction! What I am afraid of is, that my system still might have this strange infection. In order to get more info regarding the root cause, I have two questions to Pondus:

- Are there other users, who made the same or similar expiriences with the virus database version from yesterday evening?
- Can you confirm or decline, that the root cause of the problem is the virus database version from yesterday evening?

I very appreciate any further help from you guys! Thanks a lot in advance!