Author Topic: Win32: evo-gen  (Read 56815 times)

utrobin

  • Guest
Win32: evo-gen
« on: March 15, 2012, 01:39:47 PM »
Hi! avast found a few files infected with Win32:evo-gen. Please help to fix them - avast cannot.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Win32: evo-gen
« Reply #1 on: March 15, 2012, 02:10:10 PM »
What are the file names and locations of the detections?
Did they have [PUP] or any other suffix after the Win32:evo-gen malware name?

Win32:*******-Gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

What do you mean avast can't fix them, what error is displayed?
Was it avast that detected them?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not an avast user
Re: Win32: evo-gen
« Reply #2 on: March 15, 2012, 03:20:33 PM »
Quote
Did they have [PUP] or any other suffix after the Win32:evo-gen malware name?
I think this is the one: Win32:Evo-gen [Susp]

Posted today
http://answers.microsoft.com/en-us/windows/forum/windows_8-system/displayswitchexe/32816f5a-00e5-4717-852d-85109dfb23d4

yesterday
http://www.atxcommunity.com/topic/10240-atx-program-not-opening/
« Last Edit: March 15, 2012, 03:23:57 PM by Pondus »

Offline kovac

  • Avast team
  • Newbie
  • *
  • Posts: 16
Re: Win32: evo-gen
« Reply #3 on: March 15, 2012, 05:27:59 PM »
Hi utrobin,

What files are being flagged as malicious? If you think those are false positives, please submit a false positive report. We are constantly monitoring this detection and updating it accordingly, so most false positives should be resolved soon. Since this is a generic detection, avast! certainly won't be able to repair the infected files, sorry. If you are still seeing this detection even after a virus definition update, please post more information about the flagged files (their name, location on hard disk etc.) so we can look at this issue in more detail.

Regards,
Peter Kovac
Per aspera ad astra.

utrobin

  • Guest
Re: Win32: evo-gen
« Reply #4 on: March 15, 2012, 05:50:36 PM »
AVAST found them during the scanning at boot.
Yes, it is Win32:evo-gen[Susp].

Different files showed as infected; here is the list
from c:\program Files\Support Tools
addiag.exe
bitsadmin.exe
dsastat.exe
dupfinder.exe
extract.exe
httpcfg.exe

c:\WINDOWS\system32\mspaint.exe

and some other files

Attempt to fix it returns error 42060

I'm not sure that it is a false positive...

Thank you !

charlest

  • Guest
Re: Win32: evo-gen
« Reply #5 on: March 15, 2012, 07:03:42 PM »
Hello,

I'm a Visual Dataflex 16.1 developer and now all my customers are having problems with this warning.
I installed Avast and I had the same problem.
For sure it's a false positive.
I hope you can find a fast solution.

Thanks
« Last Edit: March 15, 2012, 11:04:16 PM by charlest »

Offline kovac

  • Avast team
  • Newbie
  • *
  • Posts: 16
Re: Win32: evo-gen
« Reply #6 on: March 15, 2012, 07:46:23 PM »
Hi charlest,

thanks for your report. This issue is already fixed and should be resolved in the next VPS update (hopefully in a few hours). Sorry for any inconvenience caused.

Thanks,
Peter
« Last Edit: March 15, 2012, 07:52:01 PM by kovac »
Per aspera ad astra.

charlest

  • Guest
Re: Win32: evo-gen
« Reply #7 on: March 15, 2012, 08:48:45 PM »
Ok, thanks for the fast reply.

charlest

  • Guest
Re: Win32: evo-gen
« Reply #8 on: March 15, 2012, 10:06:51 PM »
I downloaded the new VPS Version: 120315-1 and I'm still having the problem.
« Last Edit: March 15, 2012, 10:13:21 PM by charlest »

charlest

  • Guest
Re: Win32: evo-gen
« Reply #9 on: March 15, 2012, 10:38:43 PM »
I just sent you the files from my email.
I don't have permission to reply to the PM.

Thanks

Offline kovac

  • Avast team
  • Newbie
  • *
  • Posts: 16
Re: Win32: evo-gen
« Reply #10 on: March 16, 2012, 09:52:44 AM »
The latest VPS (120316-00) doesn't flag the files as malicious anymore. Can you please confirm the issue has been resolved?

Regards,
Peter
Per aspera ad astra.

charlest

  • Guest
Re: Win32: evo-gen
« Reply #11 on: March 16, 2012, 02:05:04 PM »
It's solved.

Thanks

utrobin

  • Guest
Re: Win32: evo-gen
« Reply #12 on: March 17, 2012, 04:39:51 PM »
I've got 120317-0 and it still marks files as infected

Offline kovac

  • Avast team
  • Newbie
  • *
  • Posts: 16
Re: Win32: evo-gen
« Reply #13 on: March 17, 2012, 06:04:10 PM »
What files are marked as infected now?
Per aspera ad astra.

utrobin

  • Guest
Re: Win32: evo-gen
« Reply #14 on: March 17, 2012, 06:20:36 PM »
the same files are infected
see attachment