These forums are read-only. Please send questions and feedback by email.

V14 SR3 install reported as infected with

Use this forum to ask any questions and to submit bug reports

Moderator: vuser

jrbarnett
Posts: 5
Joined: Sat May 10, 2014 6:08 am

V14 SR3 install reported as infected with

Postby jrbarnett » Sat Aug 02, 2014 9:00 am

I've just download self installing V14 SR3 installer and went to install it to upgrade from SR2. My antivirus (Avast) reported that it found Win32:Evo-Gen in the setup.exe file and quarantined it.

I think that this is a false positive, ie I don't for one minute think that this is actually infected, but you should be aware.

http://malwaretips.com/blogs/win32evo-gen-susp-virus/

John

FileViewer
Site Admin
Posts: 287
Joined: Fri Apr 30, 2010 5:50 pm

Re: V14 SR3 install reported as infected with

Postby FileViewer » Sat Aug 02, 2014 6:52 pm

My antivirus (Avast) reported that it found Win32:Evo-Gen in the setup.exe file and quarantined it.

Which file did you download?

I tried to reproduce the problem with Avast, but couldn't.

Can you please test the file you downloaded with the Avast Online Scanner? (just google "avast online scanner")

jrbarnett
Posts: 5
Joined: Sat May 10, 2014 6:08 am

Re: V14 SR3 install reported as infected with

Postby jrbarnett » Sun Aug 03, 2014 6:39 am

I downloaded the self installing 32 bit version of V14.exe. Everything was fine until I double clicked it to install, and the setup.exe file extracted from it was quarantined during the installation.

I have run it past the avast online scanner and both the v14.exe and setup.exe flie separately and both were clean. I have therefore reported the setup.exe file to avast as a false positive.

jrbarnett
Posts: 5
Joined: Sat May 10, 2014 6:08 am

Re: V14 SR3 install reported as infected with

Postby jrbarnett » Fri Aug 08, 2014 1:06 pm

I have now got around this by temporarily disabling the background scanner and installing the latest version.

rmassone
Posts: 2
Joined: Fri Nov 01, 2013 4:07 pm

Re: V14 SR3 install reported as infected with

Postby rmassone » Wed Aug 27, 2014 6:40 pm

Having both the installer and most of the binary files digitally signed is definitely useful to check the file integrity. Just right click the suspicious file, select Properties, move to the Digital Signatures tab and view the signature details.

I think that it may also be useful to have some file checksum info available on the download page just to assist with the zipped distributions.
The checksums may be provided for each downloadable file and in a dedicated summary page where each file included in the distribution is listed (sadly some binary files from third parties are not digitally signed and can get easily tampered).

Regards,
--
Renato Massone


Return to “General Support”

Who is online

Users browsing this forum: No registered users and 26 guests