Probable false positive - JustCause2_Demo.exe - 1.04GB

avast! Free Antivirus
Program version: 7.0.1474
Virus definitions version: 130807-0

MD5 of “JustCause2_Demo.exe”: 4f241bc501243b793dfaf8041e07ec5b

I’ve been trying to download the Just Cause 2 demo from a number of places, but have been unable to download the EXE because avast! keeps blocking it, warning of “Win32:Evo-gen [Susp]”. I was able to download a ZIP file of it, but am unable to extract the EXE from the ZIP file as it still blocks it.

Downloads are widely available from reputable gaming sites. Here are a few download locations for this demo, none of which work with avast! enabled:

  • hxxp://www.fileplanet.com/210435/210000/fileinfo/Just-Cause-2-Demo
  • hxxp://www.joystiq.com/game/just-cause-2/download/just-cause-2-demo/
  • hxxp://www.gamefront.com/files/15777489

Here is a location where a ZIP file can be downloaded, but the EXE cannot be extracted:

  • hxxp://www.gamershell.com/download_56674.shtml

Disabling avast! for 10 minutes, I was able to extract it, though I did not execute it and instead turned avast! back on. I then right-clicked on the file and asked avast! to scan the file, which came back with no threats found. Figuring I was good to go, I double-clicked the file. Nope - avast! immediately blocked it with the same warning of “Win32:Evo-gen [Susp]”.

I understand that I’m not running the latest version of avast! (though I do have the latest virus definitions), and I plan to update in the future. Is this something which might be fixed by updating?

you can send the zip file to avast lab so that they can correct it

You can report a possible FP here: http://www.avast.com/contact-form.php
you may add a link to this topic in case they reply

you can also use mail

send to virus@avast.com in a password protected zip file
mail subject: false positive
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

Thanks for the info, Pondus!

However, the file in question is 1.04GB large. Since I don’t have a very fast upload speed on my Internet connection and the demo is widely available, I figured it would make more sense to post links instead. Is there any way to point the lab at this post without uploading the file?

yes, this option can be used to just send a message

You can report a possible FP here: http://www.avast.com/contact-form.php
you may add a link to this topic in case they reply

Hi Pondus,

Unfortunately the form doesn’t allow me to use the “Report false virus alert in file” option without also uploading the file. The other options - “Sales inquiries”, “Website issues”, “Report false virus alert on website”, “Report of undetected malware” and “Press (Media)” are not applicable, and there is no way to send the form without using one of these options.

The closest thing I can think of would be to use the “Report false virus alert on website” option and give a link to one of the download links, and put an explanatory apology in the Message field. Is this something I should do?

Thanks again for helping me out here!

then use the mail option with no file attached…

Okay, will do. Thanks!