Avast false positive?
Posted on December 8, 2013, 7:06 am
I have been using for years without any noticeable problem.
Avast stops the execution and automatically sends the file to the
vault, without asking me, even though my settings are set to ask first.
It gives the warning socks program stopped contains Win32:Evo-gen
Looking up this virus, it sounds quite dangerous; it's reported as a
rootkit trojan that allows takeover of your system.
I ran Kaspersky's rootkit detector, no problems. AND Avast does not
detect the trojan when the executable for this socks program is scanned
on demand. Apparently it is doing something on execution that Avast
doesn't like in its new update; it never reported it before.
Reported it as a false positive to Avast. Anyone else had this one?
Re: Avast false positive?
Check that your file system shield settings are still set to "Ask."
It's possible that successive updates to the base program did not
inherit all preferences.
There are scare sites on the internet that make hair-on-fire claims
and then offer a download of a "free" scanner/removal tool. Guess what
they do? (Note: there are probably genuinely helpful sites out there
but there are some bad actors, as well, so be careful.)
A Win32::*-gen detection *is* a potential threat but the -gen, for
"general," suffix indicates that Avast has not detected a specific
strain. There's a judgment call as to whether to flag something that
might be a problem but it isn't certain.
I've actually had this particular alert hit fairly often. It seems to
be triggered most often by executables compiled years ago (i.e., using
older library code, perhaps) that can alter other files. For example
the "ci" and "rcs" components of RCS, which I've been using for a long
time. Also a CRC installer, used to place a CRC value into loadable
Intel hex files for embedded processors, that I wrote and compiled.
I'm pretty sure I didn't build it with a rootkit component.
Too many false positives and the tool is a pain in the arse and nobody
will want to use it. But one false negative and the game's over.
Avast does appear to have added exceptions for the false positives
which I've reported.
Re: Avast false positive?
Ok thanks for the informative reply. Yeah I wasted a lot of time trying
to figure out if this virus was real and was not happy about that.
It's the first false positive I've had with Avast. I like their program
but it's a little too intrusive for my tastes. It used to be that only
Kaspersky was good at detecting trojans for me, but I guess they've
improved detection rates with programs like Avast.
I never click on those scare popups; they just remind me that I forgot to
popups are gone. There are so many of these nowadays, like the crap that
Facebook keeps sticking in my face (I will never join them).
Yeah, you're probably right, the program I was running is very old, but
it was only on the latest update that Avast reported the virus.