Win32-EvoGen in Cyberlink Richvideo

Viruses and worms
1

I just did a boot-scan on Monday, and everything was fine.

I barely used my computer since then. I did a boot-scan and it found some Win32-EvoGen in my Cyberlink files. The bootscan is still running, but I did have it delete the Cyberlink files that it thought were affected.

Is this a false positive or is this real? (I am currently posting from another computer)

2

to late to find out if you deleted the file :wink:

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

3

well what should I do after I finish the scan? It has found the problem only in Cyberlink files. Since it has done enough to break my Cyberlink software, I am going to uninstall that stuff.

What else do I do?

4

Also, on the subject of logs. Immediately prior to initiating the bootscan, I did an MBAM scan, nothing was found.

I will post DDS and OTL logs once I can

5

Here are the DDS logs

6

OTL. Can’t find where the extras.txt file went though

7

also, aswMBR found a clean MBR.

8

Can someone please look at my logs

9

The log looks clean … Are you experiencing any problems ?

10

Yesterday my internet was cutting off for some reason (and my XBox was also taking a long time to connect to XBox Live), so I restarted the router.
It seemed the problem was gone (and my XBox’s connection time dropped down closer to normal)

I ran MBAM, no problem
I ran the boot scan and it detected this for the first time.
Then I re-ran MBAM and boot scan, nothing found. aswMBR said MBR was clean. Microsoft Safety Scanner was clean too.

I haven’t been using my computer since though. If something weird happens I will report it.

What is really weird is when I first got avast, it suspected RichVideo.exe (one of the deleted files), but never found anything wrong with it. I moved the file, so it wouldn’t run again. I’ve done countless boot-scans since then, I even did one on Monday, but not until yesterday did anything get caught. It deleted both the moved copy of RichVideo.exe as well as a back-up copy that was in a support folder.

11

That sounds like a false positive to me

12

k cool

so I should have nothing to worry about, right?
(also thanks for the help)

13

No as far as I can see you look clean

14

Awesome, thanks

I will keep you in the loop if something else shows up.