Author Topic: win32 evo-gen  (Read 17168 times)

0 Members and 1 Guest are viewing this topic.

Offline richard4717

  • Newbie
  • *
  • Posts: 3
win32 evo-gen
« on: February 15, 2013, 11:34:05 AM »
I keep getting win32 evo-gen reported on when I download and run this file:

MeadeLX200GPS(5.0.0)Setup.exe which is a driver for a meade telescope from the ASCOM site:http://www.ascom-standards.org/Downloads/ScopeDrivers.htm

I don't believe this to actually be infected.

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26884
Re: win32 evo-gen
« Reply #1 on: February 15, 2013, 11:37:31 AM »
upload suspisious file(s) to www.virustotal.com and test with 40+ malware scanners
post link to scan result here for us to see
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline richard4717

  • Newbie
  • *
  • Posts: 3
Re: win32 evo-gen
« Reply #2 on: February 15, 2013, 11:43:45 AM »
None found.

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26884
Re: win32 evo-gen
« Reply #3 on: February 15, 2013, 11:45:06 AM »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline richard4717

  • Newbie
  • *
  • Posts: 3
Re: win32 evo-gen
« Reply #4 on: February 15, 2013, 11:47:24 AM »
None found.

0/46 detection ratio on virustotal.com

None found I assume that means.

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26884
Re: win32 evo-gen
« Reply #5 on: February 15, 2013, 11:49:43 AM »
OK

you can report False Positive here  http://www.avast.com/contact-form.php   change subject to suite your case
you may want to add a link to this topic in case they reply
« Last Edit: February 15, 2013, 11:53:37 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline spywar

  • Malware Hunter
  • Poster
  • *
  • Posts: 441
Re: win32 evo-gen
« Reply #6 on: February 15, 2013, 06:38:49 PM »
Just downloaded "MeadeLX200GPS(5.0.0)Setup" detected as Evo-Gen [Susp] once executed.
Submitted to lab.

Offline spywar

  • Malware Hunter
  • Poster
  • *
  • Posts: 441
Re: win32 evo-gen
« Reply #7 on: February 15, 2013, 09:03:32 PM »
Hello,
thank you for sending sample. False positive will be fixed in next VPS update.
Sorry for any inconvenience.

Best regards,
Milos Hrdy
Virus analyst
 ;)

Offline carpenihil

  • Newbie
  • *
  • Posts: 2
Re: win32 evo-gen
« Reply #8 on: March 09, 2013, 09:25:25 PM »
I seem to have the same problem with a false alarm regarding an executable game file namely PES 5 ( a soccer game which I have been playing for 5 years) and today avast blocked this when I attempted to enter the game, you have more details in the pic below. I mention that I attempted both solutions proposed in the popup but with no effect. I also performed a test on virustotal.com and there were no detections.

https://www.virustotal.com/en/file/12d992482e8938d181cc5007de950fa2c9f748124fbde105ff70a396b6fe2d62/analysis/

Please tell me what can I do now, I am addict to this game. ;((

http://postimage.org/image/5zniu17dt/
« Last Edit: March 09, 2013, 09:27:15 PM by carpenihil »

Offline Gamer1234

  • Newbie
  • *
  • Posts: 1
Re: win32 evo-gen
« Reply #9 on: March 19, 2013, 09:13:10 PM »
Hi I am having this issue as well. The program in question is called ADPCM Player v1.44h by FastElbJa and I have used this program for many years. It is used to manage and convert audio and music from video games. Now today I went to use it and Avast flagged it as a win32:evo-gen suspicious file and moved it to the chest.

Here is a scan from virustotal for ADPCM Player: https://www.virustotal.com/en/file/ac605500220d5e58a3ab5843990e168fe8d88e21486c6873550504de1d323aa9/analysis/1363720771/

It only has 1 out of 45

Why is this great program suddenly a virus? Please help. I sent this file to the Avast virus lab as a false positive. I have also done what the person above me did but to no avail. I did change some settings in Avast but it still said it was infected.

Here's a picture of what comes up when I run it:
http://postimage.org/image/3rz9a2v5j/
Sorry about the quality but the error wasn't showing up in my screen capture program so I had to use my camera.

I'm running XP with Avast Free edition version 8.0.1485 with Virus definitions 130319-0 , release date 3/19/2013 4:51:52

Thanks.

« Last Edit: March 19, 2013, 09:38:46 PM by Gamer1234 »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 1313
Re: win32 evo-gen
« Reply #10 on: March 20, 2013, 09:07:01 AM »
It should be fixed in next stream update.

Milos

Offline carpenihil

  • Newbie
  • *
  • Posts: 2
Re: win32 evo-gen
« Reply #11 on: March 20, 2013, 07:13:24 PM »
Meanwhile my problem was solved (I don't know how) but now I can open that game without any troubles.

Offline Leure007

  • Newbie
  • *
  • Posts: 1
Re: win32 evo-gen
« Reply #12 on: May 01, 2013, 11:16:07 AM »
I also got today the same message for a program I have been using for several years (hquote.exe which is a download program of stock quotes from finance.yahoo). I did the scan and got the following result:
https://www.virustotal.com/en/file/23b2867ffef283f81ad8c21f0c93ec53213e492948984befe547c8eb499bfd35/analysis/

Out of 41 scans, only CAT-QuickHeal is reporting "   (Suspicious) - DNAScan    20090825 "

Avast is automatically putting the program file in quarantaine even though I excluded the file from the list of files to be scanned.

Can you please help?

Offline radioDJ

  • Newbie
  • *
  • Posts: 3
Re: win32 evo-gen
« Reply #13 on: December 07, 2014, 02:55:04 PM »
I also have this problem with a autoupdate utility. I have sent the link to the avast contact form, but if it will be like the last submission i will never have any response.
The virustotal scan shown that the file is clean, even with the avast, but if i zip the file and put it online when downloading it, i get a ugly warning and avast will block the file.
Report: https://www.virustotal.com/en/file/5644f09bdf530b06203c0f8181a8377dc6951c323d5708691112473abd3aed85/analysis/1417959385/

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26884
Re: win32 evo-gen
« Reply #14 on: December 07, 2014, 03:12:35 PM »
Quote
  . I have sent the link to the avast contact form, but if it will be like the last submission i will never have any response. 
Most important must be that the FP is fixed ..... or?

New support link    https://support.avast.com

Quote
The virustotal scan shown that the file is clean, even with the avast,
win32 evo-gen [Susp] = suspicious    this is a on access detection only and will not show in any scan

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.