Win32:Evo-gen[Susp]

Hello.

My avast! is alerting me a Win32:Evo-gen[Susp] infection in the following path:
C:\Windows.…\6bf1jdakljdkjdkljdksc (many characters)jksadjdasjas.tmp
Process: C:\Windows\servicing\TrustedInstaller.exe

Whatever the action I choose, it repeats again and again.

I’ve used TrendMicro online and there are no issues, and also followed some tips e.g, Malwarebytes Anti-Malware, Farbar ( I have their logs) and finally aswMBR rootkit, but this latter freezes in the middle of the process.
I have java and adobe reader updated, and I`m using W7. Is there anyone here to help me?

Note: It seems to me a false positive, but I could not find a way to set the AVAST to forget it.

Thank you very much.
msmn

first, virus and false positive problems should be reported in the Viruses and Worms forum section (to late now)

have you uploaded and tested the file at www.virustotal.com if tested before, click new scan and post link to scan result here

Sorry for the post in the wrong place, I will pay attention next time :slight_smile:

Following your instruction, the information that I’ve got was: "
“This file was last analysed by VirusTotal on 2014-08-16 00:56:28 UTC, it was first analysed by VirusTotal on 2011-02-24 01:41:11 UTC.”

SHA256: f2ef85f5aba307976d9c649d710b408952089458dde97d4def321df14e46a046
File: trustedinstaller.exe
Detection rate: 0 / 54
Analysis date : 2014-08-16 00:56:28 UTC
" Probably harmless! There are strong indicators suggesting that this file is safe to use."

as i said … post link to scan result … lots of info we can not see if you dont

i found it :wink:
https://www.virustotal.com/en/file/f2ef85f5aba307976d9c649d710b408952089458dde97d4def321df14e46a046/analysis/

First submission 2011-02-24 01:41:11 UTC ( 3 years, 5 months ago )

Copyright© Microsoft Corporation. All rights reserved. Publisher Microsoft Windows Product Microsoft® Windows® Operating System Original name TrustedInstaller.exe.mui Internal name TrustedInstaller.exe File version 6.1.7600.16385 (win7_rtm.090713-1255) Description Windows Modules Installer Signature verification Signed file, verified signature Signing date 8:37 PM 11/20/2010 Signers [+] Microsoft Windows [+] Microsoft Windows Verification PCA [+] Microsoft Root Certificate Authority Counter signers [+] Microsoft Time-Stamp Service [+] Microsoft Time-Stamp PCA [+] Microsoft Root Certificate Authority

you can report a possible false positive case to avast lab using one of these options

You can upload files and report issues to avast here : http://www.avast.com/contact-form.php (select subject according to Your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

Ok Pondus, see below the link

https://www.virustotal.com/pt/file/f2ef85f5aba307976d9c649d710b408952089458dde97d4def321df14e46a046/analysis/

So maybe I will need to use one of your options to report the false positive to Avast.

thanks