DMXLauncher.exe by Dell detected as Win32:Evo-gen F/P

Viruses and worms
1

DMXLauncher.exe was detected by FSS as Win32:Evo-gen [Susp] when I openned WinPatrol. See image

Since Avast! does not have an ignore accion, I sent it to the Chest. I rescanned it there, but it says " No virus ". Funny ha! Restore the file to send to VT.

VT results:
https://www.virustotal.com/es/file/a36819a62ceb40efe23ac4cb01f3d50a317aecc1443bd257def4fe7481d221e4/analysis/1365378702/

While doing this Avast! detected it again thru FF. I submited the file to Avast! lab as a F/P. Restored the file and excluded it from detection.

2

Ok I excluded the file in FSS and BS, and Avast! still FSS found it ??? I believe, in System Restore and sent the whole .exe to Avast! Chest.

08/04/2013 12:08:54 C:\System Volume Information_restore{C93A7264-03D8-483A-8AF4-E1E03C0454AA}\RP190\A0038299.exe [L] Win32:Evo-gen [Susp] (0)
File was successfully moved to chest…

08/04/2013 13:13:51 C:\System Volume Information_restore{C93A7264-03D8-483A-8AF4-E1E03C0454AA}\RP190\A0038313.exe [L] Win32:Evo-gen [Susp] (0)
File was successfully moved to chest…

and Avast! did not even bother to alert me >:( It was my mail Virus Alert that informed me about it :slight_smile:

The funny thing is that if I scan the file in the Chest or the folder with Scan from Windows Explorer, nothing is detected.

3

hi iroc9555,

http://systemexplorer.net/file-database/file/dmxlauncher-exe
http://systemexplorer.net/file-database/file/dmxlauncher-exe/96077

Above might help you out.

More file listing are available @ systemexplorer, might give you an idea or two. I think this to be a context issue: directory location, etc., more than anything else.

4

Because evo-gen at current point is only a real time technology and is not bid to the on-demand scanner ;D

5

Thanks mchain.

I am sure that my file is legit. I have DeLL Media Experience with Roxio\Cine player (Sonic Solution). Its MD5 and SHA256 checked out OK. I do not even know why they have it as a 100% threat in your first link. BTW Avast! has been detecting a lot of DeLL and HP programs lately.

http://www.winpatrol.com/db/pluscloud/dmxlauncher.html?dmxlauncher.exe&2&10&0&0&0&1&643&1051&1014

It has not been modified since 2006, well not until Avast! detected it anyways. It usually was detected by BS and I had it as a trusted process in Avast! v.6 and v.7. Avast! 8 did not detected it until last week, but it was FSS which did it and not BS.

Thanks true indian.

***** There goes another restore point*****

Come on Avast!.. 3 days and still waiting for a VPS or fix exclusion.