Author Topic: Win64:Evo-gen (susp)  (Read 38927 times)

FalseTime

  • Guest
Win64:Evo-gen (susp)
« on: May 21, 2014, 04:37:20 PM »
Had this randomly pop up in my LaunchAlaunchX.exe, and then when I checked in the virus chest and scanned, it said no virus. Then I get another pop-up and it says it's in 13.exe avast temp. Then every time I scan in the chest it pops up in avast temp and it's 14.exe, 15.exe, etc.

I assume it's a false pos???
« Last Edit: May 21, 2014, 04:39:29 PM by FalseTime »

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Win64:Evo-gen (susp)
« Reply #1 on: May 21, 2014, 04:44:28 PM »
Right click on the Avast icon>Shields Control>Disable Avast there

Right click on the file in quarantine>Extract from quarantine>Choose your desktop

Upload the file on Virustotal.com. If scanned already, choose rescan.

Post the link from the address bar here.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

FalseTime

  • Guest
Re: Win64:Evo-gen (susp)
« Reply #2 on: May 21, 2014, 04:57:52 PM »
https://www.virustotal.com/en-gb/file/62e92b37136ed54ef4c536b85ca50aa243ffcd71b1683e6e7704f1a5f2feedd8/analysis/1400684104/

Has come back clean. I did the last file that still said was a virus

Do I need to delete the extract? Is that safe?
« Last Edit: May 21, 2014, 05:00:10 PM by FalseTime »

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Win64:Evo-gen (susp)
« Reply #3 on: May 21, 2014, 05:01:53 PM »
First submission 2014-05-21 14:55:04 UTC ( 5 minutes ago )
Last submission 2014-05-21 14:59:01 UTC ( 1 minute ago )

Could be a legit detection cause it's very new to Virustotal.

Wait a few days and rescan again, if clean send it to virus@avast.com Subject: False positive file in a password protected archive.

FalseTime

  • Guest
Re: Win64:Evo-gen (susp)
« Reply #4 on: May 21, 2014, 05:05:54 PM »
> First submission 2014-05-21 14:55:04 UTC ( 5 minutes ago )
> Last submission 2014-05-21 14:59:01 UTC ( 1 minute ago )
>
> Could be a legit detection cause it's very new to Virustotal.
>
> Wait a few days and rescan again, if clean send it to virus@avast.com Subject: False positive file in a password protected archive.

Then why does it say in the chest that it isn't a virus when I scan it? And why would a virus go from the Launch.exe to being in Avast temp? I haven't had a virus in a long time. So a bit confusing

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Win64:Evo-gen (susp)
« Reply #5 on: May 21, 2014, 05:07:05 PM »
I don't know how that could have got in Avast Temp.

Evo-Gen is only scanning executed files and is not used in File Scans and System scans.

FalseTime

  • Guest
Re: Win64:Evo-gen (susp)
« Reply #6 on: May 21, 2014, 05:10:28 PM »
> I don't know how that could have got in Avast Temp.
>
> Evo-Gen is only scanning executed files and is not used in File Scans and System scans.

Weird, I just tested it again and scanned the Launch again in the chest, and it brings up being in avast temp again, and saying it's 13.exe. Even though the launch in the chest says it's not a virus.

I'm confused, so basically, every time I scan the file in the chest, it brings up another alert with the virus in the avast temp. Must be a false pos

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Win64:Evo-gen (susp)
« Reply #7 on: May 21, 2014, 05:17:35 PM »
Win64:Evo-gen (susp) = suspicious and only detected on access


FalseTime

  • Guest
Re: Win64:Evo-gen (susp)
« Reply #8 on: May 21, 2014, 05:19:08 PM »
> Win64:Evo-gen (susp) = suspicious and only detected on access

Ah I see. When I started a Malwarebytes scan it brought it up. That's how I got the pop up. I just scanned the extract files and it brought it up in LaunchAlaunchX.exe again

FalseTime

  • Guest
Re: Win64:Evo-gen (susp)
« Reply #9 on: May 21, 2014, 05:27:34 PM »
> > Win64:Evo-gen (susp) = suspicious and only detected on access
>
> Ah I see. When I started a Malwarebytes scan it brought it up. That's how I got the pop up. I just scanned the extract files and it brought it up in LaunchAlaunchX.exe again

Also malwarebytes, and avast and superantispyware scans, both say it's clean?

Anyone know what I should do? Done some banking earlier, so am a bit worried
« Last Edit: May 21, 2014, 05:39:07 PM by FalseTime »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Win64:Evo-gen (susp)
« Reply #10 on: May 21, 2014, 08:26:53 PM »
If you've done online banking, call them and tell them your passwords/PIN might be breached. If you're worried about malware/viruses:

--> http://forum.avast.com/index.php?topic=53253.0

Download OTL and run it, then aswMBR (Win 7/Vista/XP ONLY!!). Post those logs, including a MBAM scan log.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Win64:Evo-gen (susp)
« Reply #11 on: May 21, 2014, 08:28:30 PM »
let avast lab check the file....



You can upload files and report issues to avast  here : http://www.avast.com/contact-form.php  (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject:  False Positive / undetected sample (select subject according to your case)
zip password:  infected

or you can send files from avast chest
how to use the chest.    http://www.avast.com/faq.php?article=AVKB21


FalseTime

  • Guest
Re: Win64:Evo-gen (susp)
« Reply #12 on: May 21, 2014, 09:26:29 PM »
> let avast lab check the file....
>
> You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)
>
> You can use mail
> send to virus@avast.com in a password protected zip file
> mail subject: False Positive / undetected sample (select subject according to your case)
> zip password: infected
>
> or you can send files from avast chest
> how to use the chest. http://www.avast.com/faq.php?article=AVKB21

I've done that. But haven't heard anything yet

FalseTime

  • Guest
Re: Win64:Evo-gen (susp)
« Reply #13 on: May 21, 2014, 09:27:35 PM »
> If you've done online banking, call them and tell them your passwords/PIN might be breached. If you're worried about malware/viruses:
>
> --> http://forum.avast.com/index.php?topic=53253.0
>
> Download OTL and run it, then aswMBR (Win 7/Vista/XP ONLY!!). Post those logs, including a MBAM scan log.

Just waiting for the aswMBR to finish then I'll do a quick scan on MBAM which takes around 20min.

I've added the OTL log

« Last Edit: May 21, 2014, 09:30:19 PM by FalseTime »

FalseTime

  • Guest
Re: Win64:Evo-gen (susp)
« Reply #14 on: May 21, 2014, 09:32:17 PM »
Here's the aswMBR log