Topic: Win32:Evo-gen [Susp] quake2.exe FP? auto deleted? process itype.exe?

guysmiley

  • Guest
Today when I turned on my machine and Windows XP loaded, Avast popped up with suspicious file blocked,
---
Object: E:\games\quake2\quake2.exe
Infection: Win32:Evo-gen [Susp]
Action: Deleted
Process: C:\Program Files\Microsoft IntelliType Pro\itype.exe

The threat was detected and blocked just before the file was opened.
---
So I have 3 questions about this:

1. The quake2.exe file has been on my machine for years and was not infected before, so has a virus somehow altered the file on me (which could be a severe problem if it starts doing it to other files), or is this a false positive?

2. Is it default behaviour, and in any case is it recommended behaviour, for Avast to automatically delete a file like this? It didn't even ask me to. That's OK for this, but if one day Avast loads up with 1000 FPs, or even 1000 real detections, I don't want it to obliterate my files without giving me any chance to do anything.

3. What does it mean by the "Process" being itype.exe? Is "Process" the program that is accessing the file, and "Object" is the file?


Thanks

Pondus

« Reply #1 on: October 10, 2013, 11:28:23 PM »
Quote
1. The quake2.exe file has been on my machine for years and was not infected before, so has a virus somehow altered the file on me (which could be a severe problem if it starts doing it to other files), or is this a false positive?
It is not detected as a virus ... but suspicious

Have you tested the file at www.virustotal.com?


You can upload files and report issues to the Avast lab here: http://www.avast.com/contact-form.php (change subject according to your case)

You can use mail:

Send to virus@avast.com in a password-protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

Or you can send files from the Avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21