win32:evo-gen [susp] False Positive??? Am I infected?

Hello,

As of about a week ago, every time I open a database in Sage 50 Pro Accounting (Canadian Edition) I get a red warning from Avast with the following information:

Object C:\users.…\AppData\Local\Temp(random letters).dll
Infection: Win32:Evo-gen[Susp]
Action: Moved to chest
Process: C:\Windows\Microsoft.Net\Framework\v4.0.30319\csc.exe

I have tried whole system scans with: - Avast (free version), Security Check (desktop version), Farbar Service Scanner, Mini Toolbox, Malware Bytes Anti Malware, Malwarebytes Anti-rootkit, RKill (from BleepingComputer.com), Tempfile Cleaner, AdwCleaner, Junkware Removal Kit and ESET online scanner.
I have scanned and cleaned my computer with everything I can think to throw at it, and I have of course also scanned the files that were sequestered to the Virus Chest and they are coming up as clean. I have submitted the files to Avast as suspected false positives…however I still have this one little issue of every time I open a Sage 50 database, I trigger the creation of one of these .dll files. I have attempted to gain support from Sage 50, but my contract with them apparently does not cover this level of technical support so I am unable to even confirm that the .dll files with random letters and numbers as their file names are a normal part of the function of the program. Since the file names do seem random, I am unable to set Avast to ignore them.

I am seeking support and guidance for the following:

  1. Has anyone else experienced this with software similar to Sage (used to be called Simply Accounting)?
  2. Are there any other tools I should be using to confirm that my computer is in fact free of virus/Trojan/worms etc?
  3. Assuming that I do have a clean system, is there any way that I can set Avast to ignore these files without putting my computer at risk of actual virus/worm attacks in the future?

With great appreciation for any help available out there,

A Novice Computer User

Infection: Win32:Evo-gen[Susp]
susp = suspicious / not a confirmed infection

Upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners (if tested before, click new scan).
Post link to scan result here.

https://www.virustotal.com/en/file/d13abe5161bbae1d25184af0a979fb5cc9f3a2e61f2d4ea22457bb5041c64118/analysis/1378848614/
Here are the scan results.
Assuming that this is in fact a false positive, alluding to the Susp as suspected as opposed to confirmed, is there any way that I can have Avast ignore these files which I must then assume are completely harmless?

I’ve had the same problem since September 7th. Sage 50 still seems to work fine, so the support person at Sage said just ignore the problem, or use a different anti-virus software.

A false positive can be reported here: http://www.avast.com/contact-form.php

taxgirl…that is the response that I was looking for. It was right around that date that I noticed it beginning as well. I suspect that some update from Avast that day doesn’t like coding from Sage. I hope that Avast can address this in a future update to desensitize the screening from those files. I have submitted multiple events of false positives since each time I open a database I have a new .dll created which triggers an alert and virus chest sequestration. Thank you all for your help. I am pretty confident at this point that there is no issue and that it is a normal temp file created by Sage which although suspicious to Avast, is not in fact a virus.

I have the same problem and it started around the same time. Today, my computer kind of gets into a loop of Windows Updates. It will install the updates and then the update notice pops up again. I restarted the machine twice but it is still there. Any suggestions?

I had the same problem with a file named Obroker.exe. This file is a component of the Virtual account numbers program (citivan.exe) from Citi Bank. The problem is resolved with today’s definition files.

Same thing just started happening to me. Every time I launch Sage/Peachtree 2012, Avast starts hollering and by the time it’s over, 51 dll’s with apparently randomly generated filenames have been moved from \Users.…\AppData\Local\Temp to the chest. All are flagged as Win32:Evo-Gen [Susp]. I would just set Avast to ignore those files, but since it appears the names are randomly generated, seems unlikely this would do any good. Any suggestions?

Any suggestions?
yes .... in the topic you started

Thanks, Pondus, and sorry for the cross-post. :-[