Author Topic: tomb4.exe false positive(Win32:Evo-gen)  (Read 5179 times)


Caesum

  • Guest
tomb4.exe false positive(Win32:Evo-gen)
« on: June 19, 2013, 10:17:13 AM »
1. It was detected when moving the tomb4.exe file to another folder.

2. The file is included in a modified version of Tomb Raider Level Editor called Next Generation Tomb Raider Level Editor. It's a modification to Tomb Raider IV engine to allow more features and better performance. It can be downloaded from http://skribblerz.com/editortools.htm
3. It was downloaded 23/03/2011 and until recently there was no problem with it.
4. tomb4.exe
5. The last pop-up message was overwritten by another one, so I can't tell exactly. It said it found a suspicious program and deleted it immediately.
6. The message says the file is safe, there is no danger.
7. https://www.virustotal.com/pl/file/2e07f27c7631aecad3bb7ec250b3daef6a2df93f0a3cb347805b7f646f27fce0/analysis/1371629048/
MD5: c502e39546c807afc58838d20952fedb
Detection ratio:    2/47
8. There is no information about Win32:Evo-gen on any of the two sites.
9. The file is widely used by the Tomb Raider Custom Level Community and there has never been any problem with it. The person who made the file has a good reputation in the Tomb Raider community. I have used it myself for several years without problems until recently. Virustotal out of forty seven found only two antiviruses that think of it as a dangerous file. When scanned, Avast says it's a harmless file. The evidence provided by the above questions lets me judge the file is safe.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76034
    • >>>  Avast Forum - German-language section  <<<
Re: tomb4.exe false positive(Win32:Evo-gen)
« Reply #1 on: June 19, 2013, 10:25:55 AM »
You can report a possible FP here: http://www.avast.com/contact-form.php
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast need-to-know (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

Caesum

  • Guest
Re: tomb4.exe false positive(Win32:Evo-gen)
« Reply #2 on: June 19, 2013, 12:07:08 PM »
I've already sent it several days ago but I thought maybe it'd be good to make a thread about it on forums as well.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: tomb4.exe false positive(Win32:Evo-gen)
« Reply #3 on: June 19, 2013, 03:07:19 PM »
For that potentially suspicious detection, see the discussion here: http://www.wilderssecurity.com/showthread.php?p=2241914
and Vlk's postings in that thread #8, #11, #19 about that heuristic detection.
Good that you filed an FP report, because heuristic detections come FP-prone by nature,
and here because there are variations on the exact executable, dependent on the settings in the patcher.
That is why we have seen FPs earlier for this file with MBAM...(Trojan.FakeAlert).

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!