Rootkit Win32:Evo-gen [Susp]

Hello, Avast found a rootkit on my computer (Win XP Home):
File Rootkit
C:\WINDOWS\system32\drivers\rdpdr.sy0 Win32:Evo-gen [Susp]
C:\WINDOWS\system32\drivers\rdpdr.sys Win32:Evo-gen [Susp]

I have searched for solutions on the internet but found two different responses:
It’s a false alert (but Avast is up to date).
It’s a virus (how can I remove it)?

Program version: 8.0.1483
Engine and VPS: 130402-1

Thank you.

Stephan
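Before deciding between "false positive" and "infection", the check a practitioner would run is to establish whether the flagged file is the file Windows shipped. The following script is an added example by the editor, not code from the thread. It assumes Windows PowerShell 2.0 (the last version available for Windows XP), that the Windows File Protection cache at %SystemRoot%\system32\dllcache still holds a copy of rdpdr.sys, and it takes the two paths Stephan posted as its input.

```powershell
# Added example (not from the thread): hash and signature check for the flagged driver.
# Assumed environment: Windows PowerShell 2.0 on Windows XP, with the WFP cache present.
$flagged = @(
    "$env:SystemRoot\system32\drivers\rdpdr.sys",
    "$env:SystemRoot\system32\drivers\rdpdr.sy0"   # second path Avast reported
)
$reference = "$env:SystemRoot\system32\dllcache\rdpdr.sys"   # assumed WFP cache copy

function Get-Sha256Hex([string]$path) {
    # Get-FileHash does not exist before PowerShell 4, so use .NET directly.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString("x2") }) -join ""
}

$refHash = if (Test-Path $reference) { Get-Sha256Hex $reference } else { $null }

foreach ($f in $flagged) {
    if (-not (Test-Path $f)) { "$f : not present"; continue }
    $item = Get-Item $f
    $hash = Get-Sha256Hex $f

    # Caveat: drivers shipped with Windows are catalog-signed, not embedded-signed, so
    # on XP Get-AuthenticodeSignature reports NotSigned for the genuine file as well.
    # A status of Valid is informative; NotSigned on its own is not. The dllcache
    # comparison below carries more weight; Sysinternals sigcheck.exe can verify
    # catalog signatures if you need that.
    $sig = (Get-AuthenticodeSignature $f).Status

    $match = if ($refHash) {
        if ($hash -eq $refHash) { "matches dllcache copy" } else { "DIFFERS from dllcache copy" }
    } else { "no dllcache copy to compare against" }

    "{0}`n  size={1} modified={2}`n  sha256={3}`n  authenticode={4}`n  {5}" -f `
        $f, $item.Length, $item.LastWriteTime, $hash, $sig, $match
}
```

A file whose hash matches the protected cache copy, with a modification time consistent with the service pack install, is the Windows file; a mismatch, or a file that exists only outside the cache, is what to attach to a report to virus@avast.com rather than deleting it blind. The .sy0 path is listed as given in the post; the script makes no assumption about what created it.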

I have exactly the same problem. rdpdr.syO is used by some obsolete text program from Microsoft; I don’t think I use it. Are these false positives?

Hi Stephan,

same problem as yours since last night… and no way to suppress the supposed rootkit rdpdr…

My config:
Avast version 7
Windows XP Pro SP3

I suspect a false positive…

Which version of Windows do you run?

Send the files to virus@avast.com for analysis.

Thanks, true indian,

but don’t you think that if avast (with an updated database) detects these files as a rootkit, then virus@avast.com will also consider them suspect?

What is the difference in sending the files to virus@avast.com?

Sorry for my ignorance… thanks in advance for your answer.

I also sent the files to “virus at avast dot com”; it was advised to do this in the sticky of the Viruses and Worms child board (this post should probably be there, eh?).

I have the same experience with c:\windows\system32\drivers\eio.sys. It should be an ASUS file, but I am not sure, because Avast blocks any operation with this file. I sent it to Avast.

If you feel you have an infection, see http://forum.avast.com/index.php?topic=53253.msg451454#msg451454

I’m running Windows XP Home version 2002 Service Pack 2.

I’m going to send the files to virus@avast.com.

Thank you for your responses.

Stephan

Guys, if the issue continues, make your own topic in the Viruses and Worms section of the forum and attach the logs from the tools as given in this guide:
http://forum.avast.com/index.php?topic=53253.0

I did just that here → http://forum.avast.com/index.php?topic=120380.0 and Essexboy concluded these were false positives for me.

I’ve just gotten a false positive with this notification. It flagged an obscure SQL editor as having this infection during initialization of the .NET environment it uses. I’ve uninstalled the program and am going to reinstall it after doing an Avast scan as well as a Malwarebytes scan, just to be paranoid.

Hi there,

That false positive is interfering with my Delphi development. Too many freshly compiled PE files are detected as Win32:Evo-gen [Susp]. I see no option except turning the file shield off.
Avast guys, please act immediately! I sent an example file to virus@ yesterday.

Best regards - Serge.

So many people have reported this false positive of Win32:Evo-gen affecting their development that they must fix it soon! Surely?

Hi,

Evo-gen is a new system which helps avast! identify new, unknown malware even if it has never been seen before.
See here, it’s clearly explained: https://blog.avast.com/2012/12/03/new-toy-research-lab/
It may cause some FPs, but generally the avast! team is really fast to fix them.

Back in 2006 I was learning to program in C++ at college. I had all of my old source code and executables backed up on a flash drive and later on a remote Linux server at my new university. When cleaning out my space on the server, I pulled them in and Avast flagged all of the executables as Win32:Evo-gen [Susp].

The code is nothing more than an exploration of the functionality of C++, but each program contains one or more system() lines for clearing the console and pausing execution to view and gather the output (the school I attended only had Windows environments for us to program in). I believe these are the root of the positive detection in my case.

Strangely, though, the same technique was used in a previous course I took for learning C, but those executables were not flagged. I don’t know enough about C and C++ compilers to know the difference between the resulting compiled machine instructions.

Kinda cool. But this thing pops up too often when I work with Delphi. What about making this check optional? How many FP files should I send? Do I need an antivirus product that behaves like that?

Best regards - Serge

Dear forum members,

I write hoping that maybe here someone will pay attention to the problem.
We work with a commercial software developer who works in Delphi. Recently, we have faced a problem in the operation of the product with the avast antivirus. Some versions of the antivirus, when the program is executed, identify it as Win32:Evo-gen [Susp]; others block the program’s access to the Internet (more precisely, they pass the outgoing request but cut the answer to 0 bytes) in spite of our adding the program to all possible exception lists of the antivirus. And avast 2014, when the program is installed, often brings the system to a BSOD with the errors SYSTEM_SERVICE_EXCEPTION and KMODE_EXCEPTION_NOT_HANDLED (and in the system logs the cause is identified as the service aswSnx.sys: avast! virtualization driver, group FSFilter Virtualization). We have an antivirus license and contacted the avast support team (ticket #KVP-583-26762). The support specialist Tomáš Zajíc concluded that the only way to prevent the blocking of Internet access is to switch off the web shield (“Unfortunately there will be solution to turn off avast web shield only.”).
After that message, the support team has kept silent and will not answer any of our questions.
Early this year the program developer himself contacted the avast support team (https://support.avast.com/index.php?_m=tickets&_a=viewticket&ticketid=3093443, ticket LSS-733822). But they first classified it as spam and then deleted the account and all messages.
We are filled with indignation! Why, having paid for the license, must we turn off the antivirus to work with the program? Is it right that the application continues to ignore the programs added to its exception list? We have been using avast antivirus since 2008 as it has really been the best. But in the last two years the quality has drastically gone down and a lot of needless (and even harmful) innovations have appeared (like the sandbox, which prevents the operation of all exe files compiled in Delphi). If there are developers here, please get involved in solving the problem. We would rather not change antivirus.

Win32:Evo-gen [Susp]: It’s very simple: whoever uses Total Commander, which has some viruses, then gets all you see above. By the way, destroy your infected programs and use only Explorer instead. I have repeated this more than twice in my practice. And you will have happiness.