False positive: VBufBackend_gecko_ia2.dll (Win32:Evo-gen [Susp])

Hello,

The latest 141106-1 update is picking up a false positive in the file “VBufBackend_gecko_ia2.dll”, which is part of NVDA, a screen reader for Windows. It is detected as “Win32:Evo-gen [Susp]”.

On systems which have NVDA installed, this file will be located at “C:\Program Files (x86)\NVDA\lib\VBufBackend_gecko_ia2.dll”.

The false positive was not present in 141106-0, and blocking it will prevent NVDA from interacting correctly with Firefox, which can severely impact on blind people.

Checksums of the file detected as a false positive:

MD5: 35386eb6b438ee10a4e6ce57171a719f
SHA1: 6d473da64728e2ad3358a4678bb6bc3663e59884
SHA256: f4ca66c040ba4090f279ce7417568c0551ce74d8caede60c7db85dd334cbfe32

The file can be found by installing the nvda_2014.3.exe file available here: http://sourceforge.net/projects/nvda/files/releases/2014.3/nvda_2014.3.exe . Note that NVDA runs a temporary copy of itself when the installer is executed, so Avast! will detect the file in a temporary folder when the installer is run. On a normal installation, this would instead be in the Program Files (x86) folder shown above.

Thank you!

You can report a possible FP here: http://www.avast.com/contact-form.php

Thanks, I’ve sent a message using that. I apologise, I thought this forum was the place to report FPs.

You’re welcome.

Hello,
thanks for notice. It will be fixed in next stream update (in 10 minutes).

Milos