The nightly AVAST scan has identified a problem with the OSE.exe file and has pegged it as WIN32:EVO-GEN [SUSP]. Atempta to address the problem are not working and any repair/delete/move commands result in an “action postponed until reboot” entry in the result column of the log. I read that Win32:Evo-gen [Susp] is a generic detection used for a file that appears to have trojan-like features or behavior.
I am wondering if this is a false positive and how to proceed. Has anyone else had this problem?
Asyn
2
Test it at VT (virustotal.com) and post the result here.
See: http://www.systemlookup.com/search.php?type=filename&search=OSE.exe&s=
If Virus Total gives you positive detection, please post that url scan result in your next reply. Highlight and copy/paste the resulting VT web page address so we can see it.
What is it you’re doing that’s leading to the detection?
Starting part of Office?
-Noel
If it’s this one, it’s needed for M$ office programs
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
it might be genuine advantage type of thing (typical M$ trojan, a necessary evil), but I’m not sure.
system
6
The error condition popped up in the nightly scan, and I was not accessing any part of Office at the time.
system
8
Ran virustotal scan and only one option identified the file as a problem: McAfee:
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-DTR.K
system
9
For what it’s worth I have several different OSE.exe files on my system, and none of them are picked up by a thorough Avast scan. Do the sizes / dates of any of these match yours?
It’s possible your particular file’s been infected with something.
-Noel
Asyn
10
system
11
Would removing and reinstalling Microsoft Office help?
Asyn
12
Not really, as it’s most probably a FP.
Send us the file(s) to analyze.
use the virus@avast.com and put “false positive” in the subject line in zip or rar
Thanks milos