Author Topic: Why is AVAST suddenly convinced that WIN32:EVO-gen is all over the place?  (Read 2148 times)

Offline Gary102

  • Newbie
  • *
  • Posts: 1
I have AVAST free on 4 PCs and in the last week I've had 3 suspected alerts for Win32:Evo-Gen, all of which I believe are wrong. One was for an application I've had on my machine for months and used regularly, but when backing up my hard drive suddenly AVAST has quarantined an EXE which I have loaded dozens of times. Another is the installer for the latest version of DriveBender from Division-M (again, very unlikely to be infected) and the 3rd was for a MediaPortal plug-in I was downloading. (OK, this could arguably be infected, but I still trust this source as I trust the community and developers, and none of the previous 8-10 versions I've used have had anything in. No guarantee, I know, but given Avast's performance is in question with all 3 appearing to have the same infection, I'm inclined to not trust AV on this one either.)

What's happened that Avast is suddenly so sensitive to false positives? To test this I put the plugin for MediaPortal and DriveBender through Virustotal.com and no other engine flags it as a problem.

Ironically, whilst the plugin still got Avast in a panic when I tried to install it, the DriveBender install file that Avast blocked me from downloading was not touched by Avast when I downloaded it on another machine and copied it over and installed it. No detection when running and installing the programme, but a problem when trying to download.

See images attached (1-Plugin cleared by 56 other AV engines, 2-The 'virus chest' on Avast showing the block of the DriveBender file, but then 3-Avast scan of the file shows nothing after copying it over from another machine)
« Last Edit: June 15, 2015, 08:02:10 PM by Gary102 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
It is no use checking the WIN32:EVO-gen on VirusTotal as these detections only happen in real time (on-access) and not with on-demand scans, which is what is carried out by VirusTotal.

These WIN32:EVO-gen detections usually come from relatively low usage and unsigned files.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
Quote
It is no use checking the WIN32:EVO-gen on VirusTotal as these detections only happen in real time (on-access) and not with on-demand scans, which is what is carried out by VirusTotal.
This has changed, David; it is no longer only on-access.

Example here: https://www.virustotal.com/nb/file/ed4683c3d1ebf356fa90cc9ec5af496368b1ade3ce34abe31deff0c0718eb652/analysis/

Upload false positives here: https://support.avast.com > avast virus lab

« Last Edit: June 15, 2015, 09:29:18 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85965
  • No support PMs thanks
Quote
It is no use checking the WIN32:EVO-gen on VirusTotal as these detections only happen in real time (on-access) and not with on-demand scans, which is what is carried out by VirusTotal.
This has changed, David; it is no longer only on-access.
<snip>

Thanks for that, much better.