Win32: evo-gen

Hi! avast found a few files infected with Win32:evo-gen. Please help to fix them - avast cannot.

What are the file names and locations of the detections?
Did they have [PUP] or any other suffix after the Win32:evo-gen malware name?

Win32:*******-Gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

What do you mean avast can’t fix them, what error is displayed?
Was it avast that detected them?

Did they have [PUP] or any other suffix after the Win32:evo-gen malware name?
I think this is the one: Win32:Evo-gen [Susp]

Posted today
http://answers.microsoft.com/en-us/windows/forum/windows_8-system/displayswitchexe/32816f5a-00e5-4717-852d-85109dfb23d4

yesterday
http://www.atxcommunity.com/topic/10240-atx-program-not-opening/

Hi utrobin,

What files are being flagged as malicious? If you think those are false positives, please submit a false positive report. We are constantly monitoring this detection and updating it accordingly, so most false positives should be resolved soon. Since this is a generic detection, avast! certainly won’t be able to repair the infected files, sorry. If you are still seeing this detection even after a virus definition update, please post more information about the flagged files (their name, location on hard disk etc.) so we can look at this issue in more detail.

Regards,
Peter Kovac

AVAST found them during the scanning at boot
yes, it is Win32:evo-gen[Susp]

different files showed infected, here is the list
from c:\program Files\Support Tools
addiag.exe
bitsadmin.exe
dsastat.exe
dupfinder.exe
extract.exe
httpcfg.exe

c:\WINDOWS\system32\mspaint.exe

and some other files

Attempt to fix it returns error 42060

I’m not sure that it is a false positive…

Thank you !

Hello,

I’m a Visual Dataflex 16.1 developer and now all my customers are having problems with this warning.
I installed Avast and I had the same problem.
For sure it’s a false positive.
I hope you can find a fast solution.

Thanks

Hi charlest,

thanks for your report. This issue is already fixed and should be resolved in the next VPS update (hopefully in a few hours). Sorry for any inconvenience caused.

Thanks,
Peter

Ok, thanks for the fast reply.

I downloaded the new VPS Version: 120315-1 and I’m still having the problem.

I just sent to you the files from my email.
I don’t have permission to reply to the PM.

Thanks

The latest VPS (120316-00) doesn’t flag the files as malicious anymore. Can you please confirm the issue has been resolved?

Regards,
Peter

It’s solved.

Thanks

I’ve got 120317-0 and it still marks files as infected

What files are marked as infected now?

the same files are infected
see attachment

Hi! I have the same problem, only all of my Windows XP Pro system files seem to be infected. I use two hard drives with two separated systems (Win7 and XP Pro, not even any boot record recognizes the other), and the Win7 seems to be okay.

I just refreshed both the virus database and the software, and it’s still coming up. I’m not sure if it’s a mistake though. What is worse, WinXP tells me to use the original install disc to repair the files, because “necessary system files have been replaced with unrecognizable versions” or something like that, that may affect stability. I lost some programs too (like notepad.exe), I think those have been moved to quarantine. If I move to quarantine all the system files of WinXP I’m sure it won’t ever start again, and I need that system. Repair didn’t work. Any idea?

Hi minotaur,

please follow instructions written here: http://forum.avast.com/index.php?topic=53253.0 (on the Win XP of course). It is indeed very strange that so many system files of Windows XP are being flagged as infected. Does not look like a false positive to me, especially if Windows itself recognizes them as invalid. I also recommend you to start a separate thread, describe the problem and attach the required logs (see link above).

Good luck,
Peter

Hi,

Still having troubles with the files, could you please advise what to do next?

Regards
Alex

Hi,

I have the same problem - Avast is showing Win32:Evo-gen [Susp] in almost all installation programs from www.jzk.pl (download from http://jzk.pl/pobierz), supplier of software for small business. Is it possible to check whether it is a serious threat or just a false alarm?

Still did not get any reply! Could anyone check whether the software from www.jzk.pl (download from http://jzk.pl/pobierz) is trustworthy??