False positive Win32:Evo-gen [Susp] - HUAWEI modem - hwdeviceservice.exe

Hello,

After today’s Avast update (130729-0), I started receiving Win32:Evo-gen [Susp] rootkit message. I think it’s a false positive, cause I had this installed since Sept. 2012.
Avast gave me two choices - to delete this file or move to quarantine. I deleted it, and then I scanned system on boot. Clean.

I’m wondering if anyone has had a similar situation?

Do you use a USB internet dongle?

delete as first choise is not smart… as now you have no file to upload to avast lab, or restore if needed

You can report a possible FP here: http://www.avast.com/contact-form.php
and you could also uploaded the file to avast lab from here

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

you can also upload files from avast quarantine (chest)
how to use chest. http://www.avast.com/en-no/faq.php?article=AVKB21

Yes. There weren’t any problems in the morning. Then I turned off my comp, and turn on again around 5pm. Then, rootkit message appeared.

Does the dongle still connect and the user interface open up correctly, if it was a false positive and you deleted it you may need to uninstall the dongles software from Program and Features and then reconnecting should ask to re-install it again.

If avast detects once again follow the links Pondus supplied to report false positives.

This is obviously only if your dongle is Huawei branded :-\

I uninstalled its software, reinstalled again. Avast detects it. But the dongle still connects, user interface opens up correctly.

I’ll send this file.

Yes send it as a false positive, you should be able to either tell avast to allow/ignore or exclude if necessary for the time being.

Hi,

Avast update (130729-1) solved the problem. I reinstalled modem software, everything went well, so it was a false positive.

All good then :slight_smile: