On my friend’s computer, I see the following files are labeled “Win32:evo-gen [susp]”:
C:/Program Files/HiveProcExplorer/HivePkg_v2.0.0216.exe (reported on scan, sent to Avast and still being reported)
C:/Program Files/Hivesoft/Hive_update_222.exe.tmp (reported automatically on boot)
C:/Program Files/Hivesoft/Hive_update_224.exe.tmp (reported automatically on boot)
I have checked the first one in VirusTotal and the result is clean (that computer is having a hardware issue, so I cannot scan the other two in VirusTotal and post the links showing they are clean).
“Hive” is a scanner that uses several antivirus engines to scan files, and the files above are the updater.
I’m having the same infection report (Win-32:Evo-gen [Susp]) for two other files:
WinDVD\IVIVIDEO.ax (for WinDVD version 5) and
WinDVD.exe (for WinDVD version 7)
These files are from 2002 & 2003 respectively and the v5 I’ve been running daily for many years. Of course I realize that even an old file can become infected, but it’s not like this is some new untested file that I’ve just started using.
Both files were submitted today (after Avast said they were infected) to both VirusTotal.com and virusscan.jotti.org and all the engines on these sites found both files clean including Avast’s engine on the sites (I’ve submitted the files directly to Avast as well).
Here’s the weird thing: I get a pop-up from Avast when accessing either file saying they are infected. Yet when I manually scan the files with Avast directly on my machine (either in their original folder or in the Virus Chest) Avast reports them as clean. So one part of Avast thinks they’re infected, yet another part thinks they’re clean (and as I said before, the online version of Avast also says they’re clean).
rickyyeung, have you tried manually scanning your ‘infected’ files with Avast? If they’re already in your Virus Chest, you can right-click the files from there and choose “Scan”. Does a manual scan give you the same results I got?
To me this seems more like an Avast program problem rather than a typical false-positive issue.
FYI, I’m running avast! Free v8.0.1489 with definition v130803-1 on Windows XP Pro.
This just happened again with another .ax file in the WinDVD directory. VirusTotal reports it as clean. And more importantly, scanning the file from within the Virus Chest shows it as - no virus -. I’ve put the file in my exclusion list, and restored it to its original location, but this is getting annoying.
I’ve been scanning forum messages, and this behavior seems to have been going on for at least several months.
If a manual scan shows it as clean (either in its original directory, or in the Virus Chest), then what is causing a Win32:evo-gen [susp] message to pop up when the file is accessed? This seems to be a case of “The left hand doesn’t know what the right hand is doing.” Any ideas why this is happening and what can be done about it?