Win32:Evo-gen[Susp] boomerang

I had a pop-up from Avast earlier today that informed me of this: Win32:Evo-gen[Susp] (rootkit).

Advised to ‘delete now’, I did so. Perform Boot Scan, I did so.

Ten minutes later (after the Boot Scan, that is), the same. Delete. Another Boot Scan.

Came on here to ask advice, and… HA! Same thing.

I’ve attached the screenshot, including the superimposed screenshot I was going to use to copy the name.

I’ve been advised to run ANOTHER Root Scan. I can’t keep doing this. Boot Scans take ages.

I’d be grateful for any advice, as either Avast isn’t deleting the rootkit [Susp], or I get it simply from opening my browser?

Win32:Evo-gen[Susp] = Suspicious

Upload and test the detected file at www.virustotal.com. If it was tested before, click rescan for a fresh result.
Post the link to the scan result here.

Sorry, I don’t understand what file I’m supposed to upload?

sdvo.sys … the file you see avast detect

look at your picture … put your mouse pointer on the vertical bar just in front of Rootkit Name
hold down left mouse button and drag sideways, then you should see the full file path

Thanks for the assistance, Chief.

Here’s the link. All good.

Thanks again,
Tronk.

    https://www.virustotal.com/en/file/29de11ed19f8d8f8ec9b350df31a945a8e7a26eee01eb3d7a681eb866d612175/analysis/1423690099/

That file does not have the same name as the one in your screenshot

First submission 2012-03-25 09:51:55 UTC ( 2 years, 10 months ago )

Copyright: Copyright © Intel Corporation 2002-2011
Publisher: Intel Corporation
Product: Intel Embedded Graphics Driver
Original name: iegdmini.sys
Internal name: iegdmini.sys
File version: 6.14.01.1839 built by: WinDDK
Description: Intel Embedded Graphics Miniport Driver

False Positive … you can report it here https://support.avast.com/ > Avast virus lab

Sorry, I’m not a computer maven - far from it. Hence me coming on here to ask for help. If I knew what I was doing, well, I wouldn’t need to bother, would I?

You see, this: iegd.inf_x86_neutral_cdc445fd2574a12e is a folder, housing 24 files. All the files in it, when ‘properties’ is clicked, are: iegd.inf_x86_neutral_cdc445fd2574a12e.

Do I upload every file individually to VirusTotal?
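
Added example, not part of the thread and not Avast's own tooling: one way to avoid uploading 24 files one by one is to compute each file's SHA-256 and search VirusTotal for the hash, uploading only files it has never seen. The `$Folder` parameter is an assumption (the thread gives only the folder's name, not its full path); the default hash is the one in the VirusTotal link posted above.

```powershell
# Added example (not from the thread). Lists SHA-256 and signature status for
# every file in a folder so each can be looked up on VirusTotal by hash.
param(
    # Assumption: full path to the folder; the thread gives only its name.
    [Parameter(Mandatory = $true)]
    [string]$Folder,

    # SHA-256 of the file already analysed in the VirusTotal link in the thread.
    [string]$AlreadyScanned = '29de11ed19f8d8f8ec9b350df31a945a8e7a26eee01eb3d7a681eb866d612175'
)

if (-not (Test-Path -LiteralPath $Folder -PathType Container)) {
    throw "Folder not found: $Folder"
}

$report = foreach ($file in Get-ChildItem -LiteralPath $Folder -File) {
    try {
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash.ToLower()
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction Stop
    } catch {
        # Locked or unreadable files are reported and skipped, not silently dropped.
        Write-Warning "Could not read $($file.Name): $_"
        continue
    }

    [pscustomobject]@{
        Name      = $file.Name
        SHA256    = $hash
        # 'NotSigned' alone is not proof of anything: driver files are often
        # signed through a separate catalog (.cat) rather than an embedded signature.
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Note      = if ($hash -eq $AlreadyScanned) { 'already scanned (link in thread)' } else { 'search this hash' }
    }
}

$report | Sort-Object Name | Format-List
```

A hash that VirusTotal has no record of returns no result; only those files need to be uploaded.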