Author Topic: Malwarebytes + AVASt = multiple Win32.Evo-gen  (Read 7829 times)

Cranky

  • Guest
Malwarebytes + AVASt = multiple Win32.Evo-gen
« on: April 08, 2013, 05:21:08 AM »
Good day. This problem started 4/6/2013.  During a Malwarebytes Full Scan Avast interjected with BLOCKED MALWARE ALERTs and sent two suspicious files to the Virus Chest.

1) Name: GNTY.exe  Location: C/Program Files/Dell Support/GTCoach   Virus: Win32.Evo-gen (Susp)
2) Name: gtny.exe  Location: C/program Files/WebCyberCoach/b_Dell   Virus: Win32.Evo-gen (Susp)
After the above I ran a Malwarebytes Quick Scan. No threats.  AVAST stayed quiet.
Prior to the above I ran an AVAST Full Scan. Clean. No Viruses found.

April 7/2013. I ran an AVAST  Full Scan. No Viruses. I followed this with  a Boot-time Scan, No Viruses.
I ran an ESET Online Scan. Clean, no threats found. And then...
During Malwarebytes Full Scan AVAST interjected with FOUR BLOCK MALWARE ALERTS sending all four to Virus Chest:
1) Name: GNTY.exe  Location: C/Program Files/Dell Support/GTCoach   Virus: Win32.Evo-gen (Susp)
2) Name: gtny.exe  Location: C/program Files/WebCyberCoach/b_Dell   Virus: Win32.Evo-gen (Susp)
3) AO551251.exe    Location: C:/System Volume Information/_restore (2  Virus: Win32.Evo-gen (Susp)
4) AO551252.exe    Location: C:/System Volume Information/_restore (2  Virus: Win32.Evo-gen (Susp)
Please note while AVAST was detecting 'nasties' all Malwarebytes Full scans completed clean. No malicious threats.
I'll leave a possible reason for this strange behavior to much wiser forum members. I will allow this personal deduction: Malwarebytes in FULL SCAN MODE triggers an adverse reaction from AVAST.

 As usual, I'll welcome any guidance from esteemed forum members.
 With thanks.
 Cranky/ John
« Last Edit: April 08, 2013, 05:46:02 AM by Cranky »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Malwarebytes + AVASt = multiple Win32.Evo-gen
« Reply #1 on: April 08, 2013, 12:12:04 PM »
seems like false positives on Dell files

you can report it here. http://www.avast.com/contact-form.php   change subject to suit your case
you may add a link to this topic in case they reply here


Undead-Divine-Assassin

  • Guest
Re: Malwarebytes + AVASt = multiple Win32.Evo-gen
« Reply #2 on: April 08, 2013, 03:02:24 PM »
This sounds exactly the same thing as I've had to deal with this weekend although I'm still not sure where the problem lies because I had updated several programs prior to my monthly full Malwarebytes scan.

However, the effect wasn't just some suspicious Malware-Gen and Evo-Gen files being sent to the Virus Chest; whatever happened affected Avast badly. When I rebooted later that day I found the Avast tray icon missing despite the fact it is customised to be shown permanently. It was there in the list of unused tray icons but refused to reappear until I launched the main Avast program from my desktop shortcut.

All appeared OK and it was reporting my laptop was protected but next reboot the same thing happened. I checked my Startup items using CCleaner's tools to see that all the Avast items were there and enabled. They were.

This sort of thing had happened twice before and both had been after the monthly Windows(XP) 'essential' updating regime I do. These are done manually now as my suspicion is that the Avast and Windows auto-updates or installs were sometimes messing up each other. No proof of this; it could just be coincidence, but I believe a second Avast update on this occasion may have also happened whilst I was updating Windows this last weekend.

The first time this happened I tried Avast Repairs in both normal and safe mode - no joy. I then laboriously went through all my Restore Points, again no joy.  Eventually I uninstalled/reinstalled Avast. Second time I tried the Restore Point option first and it did work but this third time it didn't. Something very odd occurred.

On the reboot after the restore had finished the tray icon was back but when I clicked on the Avast UI option I was confronted by the Avast Pro UI and a message that my trial subscription to Avast Pro hadn't been enabled and I wouldn't be getting any more updates until it was. I've always used Avast Free and have NEVER even selected the Pro version trial offer.

Nothing I did could get rid of this Pro Trial version. I tried the Windows uninstall but all that seemed to do was delete the free version desktop and start menu shortcuts. The main AVAST software folder was still there in Programs. I tried sending it to the recycle bin but, as I expected, because it was being used it prevented me from doing that. Because I'd used the Windows uninstall it was not now showing up as a program so I couldn't get to the repair option now either.

Tried an earlier Restore Point and that allowed me to use Repairs. No joy. So then I used Revo Uninstaller to do a complete removal, or so I thought. On reboot the desktop/tray icons were back, the AVAST software folder was still full and the Pro trial version still only what was displayed.

Finally I found I had an Avast v.7 free installer from a (UK) PC Pro magazine cover disc and thought I might as well try that as I preferred v.7 anyway. It installed correctly but when I went to the UI it reported certain shields were down and they could not be enabled. WTF? In desperation I used the Repair option and apart from having to redo all my settings I'm now back to full working order.  Yay!

But here's what I don't get: after the repair to Avast v.7 free newly installed from the disc the result was ... Avast v.8 free. Yes, everything appears to be back to where it was before the problem occurred and Avast is updating, automatically and correctly again. How did that all happen?

I still have the Malware-Gen32 and Evo-Gen stuff sitting in my Virus Chest. All scan as virus free using Avast and they also say those files are already present if I try to restore them. So I'm just leaving them there.

I think I'm going to reduce the scan sensitivity back to Normal as all these problems with v.8 sending stuff to the Virus Chest, most of which Avast's own scans of the quarantined files suggest are false positives, only started when I enabled the highest sensitivity options for my scans.

Cranky

  • Guest
Re: Malwarebytes + AVASt = multiple Win32.Evo-gen
« Reply #3 on: April 08, 2013, 07:32:30 PM »
Another day, a better day. After updating my security programs: AVAST, Malwarebytes & SAS, I put Malwarebytes into Full Scan Mode for 'one more try'. Within minutes AVAST red-flagged two files almost identical to Sunday's 'suspicious file' capture (Win32.Evo-gen (Susp)) and placed them in the Virus Chest.  Because only Malwarebytes Full Scan was causing AVAST to intervene, on a whim I used Revo Uninstaller to clean my system of the Malwarebytes program. After a reboot I installed a new copy of Malwarebytes.  I have just completed two Full Scans. AVAST didn't stir for either. It would appear the former Malwarebytes installed had somehow become corrupted. Out with the old, in with the new and Bob's your uncle, etc.
Regards.

Undead-Divine-Assassin

  • Guest
Re: Malwarebytes + AVASt = multiple Win32.Evo-gen
« Reply #4 on: April 08, 2013, 07:43:57 PM »
I've now found that there are other possible problems maybe caused by this Malwarebytes conflict or something else (Windows updates?). But on reboot today I've discovered System Restore is now not functioning at all - the welcome page just displays as a blank white window. I should have 7 or 8 restore points but it looks like they may be gone or corrupted.

I've also been trying to redo my Windows updates which would have been removed after I'd used the earlier restore point. IE now goes to the update home page but then the usual process of verifying and scanning for required updates just doesn't happen. Maybe just the MS web site overloaded but you get paranoid when there is a problem and something else doesn't function as it should either.

Edit: It looks, from Cranky's description, as if it was a Malwarebytes conflict of some sort, but it or something else I updated yesterday left my system damaged and I'm a bit peeved. I also don't like the way it changed to the "foistware" trial Pro version as I suspect this is what made removing/replacing the 'free' v.8 version so difficult.