svchost.exe infected or false positive?

Over the last few days, when on the web, Avast keeps finding a possible virus. It seems to only happen once a day and it’s not always the same site.

I’ve tried to find the infected file to be scanned, but it’s not in the folder Avast mentions. So, I’m guessing it’s a temporary file.
I have tried one system scan and two boot time scans, but they have all come up clean.

Any ideas on what I should do? Any help is greatly appreciated.

Name of the infected file : tmp.edb

Original folder : C:\Windows\SoftwareDistributation\DataStore\Logs

Infection : Win32:Evo-gen[susp]

Process : C:\Windows\System32\svchost.exe

It is not svchost that is detected as possible malware, but the process that is using svchost.
In your case the tmp.edb file.
Please follow the instructions and attach the logs:
https://forum.avast.com/index.php?topic=53253.0

I followed the instructions and it seems like Malwarebytes took care of some PUPs.

I’ve attached the text logs you’ve requested.

Please let me know if there is anything else I need to do. Thanks.

I have tried one system scan and two boot time scans, but they have all come up clean.
Win32:Evo-gen[susp] = suspicious is an on-access detection only and will not show on any scan.

Nothing evident; that is a Windows log, so probably a false positive.

I hope it’s a false positive too because it happened again today.
This time it happened right after I unplugged my internet adapter, but I still had my browser up so maybe that had something to do with it.

Run this

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

I ran AdwCleaner and attached the log file you requested.
Hopefully that fixed the issue.

Please let me know if there is anything else I need to do.

Let me know if you get the alert again, but here is Sophos' advice on this:

Windows security database files ('.edb') may be scanned as part of behavior monitoring or in scenarios where the on-access scanner needs to verify the file type is as the filename suffix states. This can occur irrespective of the on-access scanned extensions list.

These files can contain a structure that the on-access scanner may interpret as malicious whilst the file is in transitional state.