svcdns.exe infected with Win32:Evo-gen

Avast scan is saying the file located at C:\Windows\svcdns.exe is infected with Win32:Evo-gen. I followed the excellent info on downloading the various tools to obtain the necessary basic logs. Please see attached. Not sure if you need any other info. Thanks in advance for any assistance!!

David

attaching the aswmbr

Win32:Evo-gen [susp] = suspicious … so not a confirmed infection

upload and test the file here www.virustotal.com … if tested before, click rescan … post link to scan result here

https://www.virustotal.com/en/file/e720a4c53169f5fa29b7d4861959b5376b3020398bff6f354b9fc79f52a75fa5/analysis/1409898030/

First submission 2013-04-19 20:12:31 UTC ( 1 year, 4 months ago )

well that sure seems infected …

but this file info makes it look legit? … however Norman detection name Obfuscated_L may indicate that the file is not what it seems to be

Copyright: Copyright Apple Inc. 1989-2012
Publisher: ?????????????
Product: QuickTime
Original name: QTOLibrary.dll
Internal name: QuickTimeLibrary
File version: 7.7.2 (1680.56)
Description: QuickTime Library
Signature verification: Certificate out of its validity period
Signers:
[+] ?????????????
[+] WoSign Class 3 Code Signing CA
[+] Certification Authority of WoSign
[+] StartCom Certification Authority

upload and report it here http://www.avast.com/contact-form.php and ask if this detection is good
give link to this topic in case they want to reply here

Thanks for the assistance!! :wink:

you're welcome :wink:

I’m not sure what this means? Can you explain?

Thanks
DL

Obfuscation: Malware’s best friend https://blog.malwarebytes.org/intelligence/2013/03/obfuscation-malwares-best-friend/

Obfuscation http://en.m.wikipedia.org/wiki/Obfuscation

Although this is all a very new world to me, I get the idea of obfuscation. I submitted the file to http://www.avast.com/contact-form.php as you suggested.

How long would one normally need to wait for a response?? I’m wondering if I should avoid completely using this computer so as to not cause any further damage. Also wondering if I should disconnect internet / wifi from this computer. Or any other practical steps??

Thoughts?

David

Hello

there is no answer in the reports, it takes at most 3 days.
you can use the ticket support

https://support.avast.com/Tickets/Submit

This is an example of a detection correct
the database Emsisoft

https://www.virustotal.com/en/file/fb2a8a42cbe733a1f621b2f18c7fae64f30f0afec00c9737363f02436ffe58b8/analysis/

so this file is not part of the operating system
any program that was recently installed.

I’m sorry my friend but I don’t understand your english ??? :-[

do you still have the file in avast chest? … right click it in chest and scan it, what result do you get?

See attached pic