Author Topic: Win32:Evo-gen[Susp]  (Read 5463 times)

REDACTED

  • Guest
Win32:Evo-gen[Susp]
« on: August 16, 2014, 09:18:08 AM »
Hello.

My avast! is alerting me to a Win32:Evo-gen[Susp] infection in the following path:
C:\Windows\...\6bf1jdakljdkjdkljdksc (many characters)jksadjdasjas.tmp
Process: C:\Windows\servicing\TrustedInstaller.exe

Whatever action I choose, it repeats again and again.

I've used TrendMicro online and there are no issues, and also followed some tips, e.g. Malwarebytes Anti-Malware, Farbar (I have their logs) and finally aswMBR rootkit, but the latter freezes in the middle of the process.
I have Java and Adobe Reader updated, and I'm using W7. Is there anyone here to help me?

Note: It seems to me to be a false positive, but I could not find a way to set AVAST to forget it.

Thank you very much.
msmn

« Last Edit: August 16, 2014, 09:20:18 AM by msmn »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: Win32:Evo-gen[Susp]
« Reply #1 on: August 16, 2014, 10:26:43 AM »
First, virus and false positive problems should be reported in the Viruses and Worms forum section (too late now).

Have you uploaded and tested the file at www.virustotal.com? If tested before, click new scan and post the link to the scan result here.


REDACTED

  • Guest
Re: Win32:Evo-gen[Susp]
« Reply #2 on: August 16, 2014, 05:10:36 PM »
Sorry for the post in the wrong place, I will pay attention next time :)

Following your instruction, the information that I got was:
"This file was last analysed by VirusTotal on 2014-08-16 00:56:28 UTC, it was first analysed by VirusTotal on 2011-02-24 01:41:11 UTC."

SHA256: f2ef85f5aba307976d9c649d710b408952089458dde97d4def321df14e46a046
File: trustedinstaller.exe
Detection rate: 0 / 54
Analysis date: 2014-08-16 00:56:28 UTC
"Probably harmless! There are strong indicators suggesting that this file is safe to use."

Offline Pondus

Re: Win32:Evo-gen[Susp]
« Reply #3 on: August 16, 2014, 05:16:13 PM »
As I said ... post the link to the scan result ... lots of info we cannot see if you don't.

I found it ;)
https://www.virustotal.com/en/file/f2ef85f5aba307976d9c649d710b408952089458dde97d4def321df14e46a046/analysis/

First submission 2011-02-24 01:41:11 UTC ( 3 years, 5 months ago )

Quote
Copyright© Microsoft Corporation. All rights reserved.
Publisher Microsoft Windows
Product Microsoft® Windows® Operating System
Original name TrustedInstaller.exe.mui
Internal name TrustedInstaller.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description Windows Modules Installer
Signature verification  Signed file, verified signature
Signing date 8:37 PM 11/20/2010
Signers   
  • Microsoft Windows
  • Microsoft Windows Verification PCA
  • Microsoft Root Certificate Authority

Counter signers   
  • Microsoft Time-Stamp Service
  • Microsoft Time-Stamp PCA
  • Microsoft Root Certificate Authority

« Last Edit: August 16, 2014, 05:18:10 PM by Pondus »

Offline Pondus

Re: Win32:Evo-gen[Susp]
« Reply #4 on: August 16, 2014, 05:19:31 PM »
You can report a possible false positive case to avast lab using one of these options:

You can upload files and report issues to avast here: http://www.avast.com/contact-form.php (select subject according to your case)

You can use mail:
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

Or you can send files from the avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21


REDACTED

  • Guest
Re: Win32:Evo-gen[Susp]
« Reply #5 on: August 17, 2014, 12:34:10 AM »
OK Pondus, see the link below:

https://www.virustotal.com/pt/file/f2ef85f5aba307976d9c649d710b408952089458dde97d4def321df14e46a046/analysis/

So maybe I will need to use one of your options to report the false positive to Avast.

Thanks