The nightly AVAST scan has identified a problem with the OSE.exe file and has pegged it as WIN32:EVO-GEN [SUSP]. Atempta to address the problem are not working and any repair/delete/move commands result in an “action postponed until reboot” entry in the result column of the log. I read that Win32:Evo-gen [Susp] is a generic detection used for a file that appears to have trojan-like features or behavior.

I am wondering if this is a false positive and how to proceed. Has anyone else had this problem?

Test it at VT (virustotal.com) and post the result here.

See: http://www.systemlookup.com/search.php?type=filename&search=OSE.exe&s=

If Virus Total gives you positive detection, please post that url scan result in your next reply. Highlight and copy/paste the resulting VT web page address so we can see it.

What is it you’re doing that’s leading to the detection?

Starting part of Office?

-Noel

If it’s this one, it’s needed for M$ office programs
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
it might be genuine advantage type of thing (typical M$ trojan, a necessary evil), but I’m not sure.

The error condition popped up in the nightly scan, and I was not accessing any part of Office at the time.

See: Reply #1

Ran virustotal scan and only one option identified the file as a problem: McAfee:

McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-DTR.K

For what it’s worth I have several different OSE.exe files on my system, and none of them are picked up by a thorough Avast scan. Do the sizes / dates of any of these match yours?

It’s possible your particular file’s been infected with something.

-Noel

You can report a possible FP here: http://www.avast.com/contact-form.php

Would removing and reinstalling Microsoft Office help?

Not really, as it’s most probably a FP.

Send us the file(s) to analyze.

use the virus@avast.com and put “false positive” in the subject line in zip or rar

Thanks milos