Win32:Evo-gen[susp] for my nvsvc32.exe

Viruses and worms
1

Hi everyone,

I’ve used the free avast for a while now and it’s been very good. Just this morning after my computer turned on, i got a warning from avast saying that it found Win32:Evo-gen[susp] in my system32\nvsvc32.exe file. All I had done was checked some emails (did not open any links and no suspicious emails or anything).

Avast told me to remove the file so i told it to do so. Afterwards, avast said to restart my computer to do a boottime scan, which i did. After the boottime scan & my computer started up, the same Win32:Evo-gen[susp] in my system32\nvsvc32.exe file thing was found again. I then opened up avast and did a quick scan and it found the same thing & i selected the “automatically fix” option. In the result on the right after i clicked to apply my option, it said action postponed until next reboot. I rebooted and guess what? It still found the same file as Win32:Evo-gen[susp] in my system32\nvsvc32.exe file. Did avast not do anything after the reboot or what?

In any case, i found this odd and i was doing some reading online and i scanned my system32\nvsvc32.exe file on the following sites as i found when looking up this topic on the avast forums:
www.virustotal.com/en/
www.metascan-online.com
www.jotti.org

Scanning the system32\nvsvc32.exe file on all 3 of those sites, the sites told me the file is clean! What does this mean? A false positive or something as i’ve been reading? My computer doesn’t seem slower and no popups are coming up (asides from the avast popup everytime i reboot my computer telling me the same Win32:Evo-gen[susp] in my system32\nvsvc32.exe file thing was found again).

Please help.

2

You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

3

Hi pondus,
I just sent it via the first link you gave. Lets hope it’s nothing. Don’t want to format if i don’t have to
Darian

4

Hi Darian, hi Pondus,

luckily I just found your post!
Yesterday I had exactly the same problem on my PC: your description matches perfectly the symptons on my machine. In addition to your activities, I bootet my PC from a DvD containing Linux and two independant virus scanners, just to be safe. Both scanners reported 0 findings on my boot drive c: containing the nvsvc32.exe, basically the same result as the quickscan result of Avast. Some more details:

  • I am running Avast program 2014.9.0.2011 on a Windows XP machine
  • Yesterday, Avast had a virus database version from ~10:15 PM, if I remember well

Now, 24h later and after updating to virus database version 140110-0, the symptons are gone without any further interaction! What I am afraid of is, that my system still might have this strange infection. In order to get more info regarding the root cause, I have two questions to Pondus:

  • Are there other users, who made the same or similar expiriences with the virus database version from yesterday evening?
  • Can you confirm or decline, that the root cause of the problem is the virus database version from yesterday evening?

I very appreciate any further help from you guys! Thanks a lot in advance!