
V14 SR3 install reported as infected with

Posted: Sat Aug 02, 2014 9:00 am
by jrbarnett
I've just downloaded the self-installing V14 SR3 installer and went to install it to upgrade from SR2. My antivirus (Avast) reported that it found Win32:Evo-Gen in the setup.exe file and quarantined it.

I think that this is a false positive, i.e. I don't for one minute think that this is actually infected, but you should be aware.

http://malwaretips.com/blogs/win32evo-gen-susp-virus/

John

Re: V14 SR3 install reported as infected with

Posted: Sat Aug 02, 2014 6:52 pm
by FileViewer
My antivirus (Avast) reported that it found Win32:Evo-Gen in the setup.exe file and quarantined it.

Which file did you download?

I tried to reproduce the problem with Avast, but couldn't.

Can you please test the file you downloaded with the Avast Online Scanner? (just google "avast online scanner")

Re: V14 SR3 install reported as infected with

Posted: Sun Aug 03, 2014 6:39 am
by jrbarnett
I downloaded the self-installing 32-bit version of V14.exe. Everything was fine until I double-clicked it to install, and the setup.exe file extracted from it was quarantined during the installation.

I have run both the v14.exe and setup.exe files past the Avast online scanner separately and both were clean. I have therefore reported the setup.exe file to Avast as a false positive.

Re: V14 SR3 install reported as infected with

Posted: Fri Aug 08, 2014 1:06 pm
by jrbarnett
I have now got around this by temporarily disabling the background scanner and installing the latest version.

Re: V14 SR3 install reported as infected with

Posted: Wed Aug 27, 2014 6:40 pm
by rmassone
Having both the installer and most of the binary files digitally signed is definitely useful to check the file integrity. Just right-click the suspicious file, select Properties, move to the Digital Signatures tab and view the signature details.

I think that it may also be useful to have some file checksum info available on the download page just to assist with the zipped distributions.
The checksums may be provided for each downloadable file and in a dedicated summary page where each file included in the distribution is listed (sadly some binary files from third parties are not digitally signed and can easily get tampered with).

Regards,
--
Renato Massone
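
An added example, not part of the thread or of the vendor's tooling: one way to check an unpacked zipped distribution against a per-file checksum summary of the kind suggested in the last post. The manifest format (sha256sum-style `<hex>  <relative path>` lines) and the function names are assumptions.

```python
import hashlib
import string
from pathlib import Path

HEX = set(string.hexdigits)


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse assumed sha256sum-style lines: '<64 hex chars>  <relative path>'."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64 or not set(parts[0]) <= HEX:
            raise ValueError(f"manifest line {lineno} is malformed")
        # sha256sum marks binary mode with a leading '*'; normalise separators.
        name = parts[1].lstrip("*").replace("\\", "/")
        expected[name] = parts[0].lower()
    return expected


def verify_distribution(root, manifest_text):
    """Return sorted lists of ok, mismatch, missing and unlisted files."""
    root = Path(root)
    expected = parse_manifest(manifest_text)
    on_disk = {p.relative_to(root).as_posix(): p
               for p in root.rglob("*") if p.is_file()}
    report = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for name, want in expected.items():
        if name not in on_disk:
            report["missing"].append(name)
        elif sha256_file(on_disk[name]) == want:
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    # A file the publisher never listed deserves the same attention as an altered one.
    report["unlisted"] = [n for n in on_disk if n not in expected]
    return {key: sorted(names) for key, names in report.items()}
```

The result is only as trustworthy as the manifest, so the summary page has to be fetched from the publisher over a channel separate from the archive being checked.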