mbd35
June 28, 2014, 4:00pm
1
I’m running Windows 8.1 and have the latest version of Avast.
Avast quarantined two instances of this file this morning in these two directories:
C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1898_0
C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13a8_0
Another one is in quarantine that is dated 04/15/2014 called “System.ServiceModel.Primitives.ni.dll”.
They were listed as “WIN32:Evo-gen”. But it reported “no virus” when I re-scanned them in the virus chest, and now they’re all listed as “no virus”.
Is it safe to restore them? It’s weird that Avast would quarantine them in the first place and then say “no virus” when scanned.
Pondus
June 28, 2014, 5:43pm
2
It's weird that Avast would quarantine them in the first place and then say "no virus" when scanned
WIN32:Evo-gen [susp] = suspicious is an on-access-only detection
Pondus
June 28, 2014, 5:46pm
3
You can upload and test suspicious file(s) at one of these places
www.virustotal.com / www.metascan-online.com / www.jotti.org
If you think detection is wrong, you can report it using one of these options
You can upload files and report issues to avast here: http://www.avast.com/contact-form.php (select subject according to your case)
You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
or you can send files from avast chest
How to use the chest: http://www.avast.com/faq.php?article=AVKB21
mbd35
June 28, 2014, 6:01pm
4
Sending the files from chest, I’m not sure whether to classify as false positive or potential malware. The files seem to have to do with Microsoft .Net framework.
Asyn
June 28, 2014, 6:07pm
5
Test them (Reply #2 from Pondus) and post the results.
mbd35
June 28, 2014, 6:09pm
6
Okay, I’ll try that. Thanks.
mbd35
June 28, 2014, 6:13pm
7
I extracted the files to the Download directory, and then tested them with all those sites, and they were reported clean. It’s probably a false positive.
Asyn
June 28, 2014, 6:15pm
8
If so, please report them.
mbd35
June 28, 2014, 6:27pm
9
Okay. I just reported them as probably being false positives.
mbd35
June 28, 2014, 6:36pm
11
Oh, and it turned out that I didn’t have the latest Avast version. It said that it would upload my false positive report at next update, so I updated the program, and a new version was available.
Now I have the latest Avast!
Got the same alert just now, reported as False Positive
system
June 28, 2014, 10:48pm
15
Happens with several dlls in that location. Not only in Temp folder.
YLAP
June 29, 2014, 9:22am
16
No more FP’s. Reported about them yesterday too.