system
1
Hi
On 6/9/14 Avast reported that it had blocked CLI.Component.Dashboard.Shared.ni.dll as Win64:Evo-gen [Susp] and put it into quarantine. However, it looks like the last time it was changed was in February; it seems odd that Avast would ignore it all that time. Here is a screenshot of the info Avast gave me. Can anyone tell me if this is a legit threat, and if so what it may have done?
Thanks
MM
Pondus
2
Win64:Evo-gen [Susp] = suspicious
You can upload the file to the Avast lab for analysis.
You can upload files and report issues to Avast here: http://www.avast.com/contact-form.php (select the subject according to your case)
You can use mail:
send to virus@avast.com in a password-protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
Or you can send files from the Avast chest.
How to use the chest: http://www.avast.com/faq.php?article=AVKB21
system
3
I submitted it via the chest and now I’m trying to restore it so I can submit it to VirusTotal. Doesn’t seem to be working though.
C:\windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\2409c67bc6a41975f817b069e7e665de
system
4
Okay, now I am really confused. Attempted to restore the file twice, but it doesn’t show up in the folder where it previously was. When I used the location Avast gave me on VirusTotal, it told me there was nothing there too. Then I tried to rescan it and now Avast is saying “no virus”. I cannot find the file at all, even tried restarting. Not sure what has happened?
Pondus
5
If you rescan the file in the Avast chest, I guess you will not see a Win64:Evo-gen detection, as (to my knowledge) it is an on-access detection only.
When you restore a file from the chest, a copy will remain in the chest just in case … you may delete this when you wish.
Why you don’t find it … I do not know.
system
6
Well can anyone tell me what I should do now? I mean I don’t know if this was prevented from being restored by Avast or what. I did a boot scan and nothing was found.
Every time I try to go to C:\windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\2409c67bc6a41975f817b069e7e665de it says windows can’t find it.
system
8
How can I submit it though when I don’t know where avast has put it? It’s not in the location Avast said it would be. I’m assuming Avast is supposed to put it back where it was.
Hi, it may be possible the files are hidden from your view.
Open File Explorer > Organize > Folder & Search Options > View > Tick Show Hidden Files/Folders/Drives & Hide Protected Operating System Files > Apply > OK.
Now check that location.
noface
10
I had the exact same happen to me for that dll on June 9th. It was blocked immediately when Windows started, and from what I can make out it’s part of the AMD Catalyst Control Centre; I presume you have it installed since you’re using an ATI card? So as the forum was unfortunately down, I did as much checking on it as I could and I really think it’s a false positive. I then restored it and put it in the exclusion list. I assume it came from the latest Catalyst software version 14.4 and that new virus definitions, I guess, tagged it as suspicious, and there is a precedent for that: I remember Avast quarantining Steam not so long ago.
EDIT: I see from the links polonus posted that it is indeed part of the AMD suite, so that answers that. Really hope it’s a false positive though. Also, for some odd reason the same dll appears twice in the virus chest.
I just noticed the dll listed in those two links is version 4.5.4990.33584 but the version I have is 4.5.5220.38440, and I can’t seem to find a newer scan of that file on those 2 sites, again I’m presuming because it comes from Catalyst 14.4, which was released in April. So I really would like to check that the MD5 hash matches if there’s a newer scan, but there doesn’t appear to be one that I can find.
HonzaZ
11
Hi all,
I found several (~20) files with the name of “CLI.Component.Dashboard.Shared.ni.dll” in our system, and I disabled all detections that were detecting these files. I hope the problem is resolved in the next update.
Best
Honza
system
12
I do have AMD Catalyst, maybe that is the problem.