-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
android:evo-gen virus
- Thread starter Gimpchop
- Start date
RA_BH
Well-Known Member
The Avast web site, support forum, shows this:
https://forum.avast.com/index.php?action=search2
Appears to be a false-positive, but I haven't done an extensive search.
https://forum.avast.com/index.php?action=search2
Appears to be a false-positive, but I haven't done an extensive search.
Hi,
I have had Avast installed on my phone for awhile now, with always negative scans.
Suddenly today, without having installed any apps recently, when making a phone call I receive a notification from Avast stating that a Suspicious file detected - Android:Evo-gen. Clicking on more info shows that it is the com.android.phone that is affected. Avast solution is to uninstall the phone app, which the my smartphone obviously will not do.
Is this a false positive? Any way to uninstall and reinstall the phone app without trying a hard factory reset?
I have had Avast installed on my phone for awhile now, with always negative scans.
Suddenly today, without having installed any apps recently, when making a phone call I receive a notification from Avast stating that a Suspicious file detected - Android:Evo-gen. Clicking on more info shows that it is the com.android.phone that is affected. Avast solution is to uninstall the phone app, which the my smartphone obviously will not do.
Is this a false positive? Any way to uninstall and reinstall the phone app without trying a hard factory reset?
Hello,
I also the same message since this morning. I have rerun a whole scan and Avast did not identify anything until I receive or make a phone call.
Does anyone have any clue if what that is?
I also the same message since this morning. I have rerun a whole scan and Avast did not identify anything until I receive or make a phone call.
Does anyone have any clue if what that is?
From a quick Web search it seems that evo-gen is not a specific malware variant but a generic detection technique used by Avast. So it's used some heuristic and decided that some feature of your phone app or its behaviour looks in some way malwareish. I'd say that's not the same as a positive id.
A factory reset won't do anything except delete data. That's all it does. You'd have to reflash the phone completely (method depends on manufacturer) to replace the phone app (or reflash the ROM if rooted).
I'm a bit sceptical of this result, but obviously cannot tell for sure from this remove. But don't see how the phone app could have been replaced with an infected version on an unrooted device. Can't do more research at this moment, but I'd do a bit more reading, or get a second opinion from e.g. MalwareBytes, before panicking.
A factory reset won't do anything except delete data. That's all it does. You'd have to reflash the phone completely (method depends on manufacturer) to replace the phone app (or reflash the ROM if rooted).
I'm a bit sceptical of this result, but obviously cannot tell for sure from this remove. But don't see how the phone app could have been replaced with an infected version on an unrooted device. Can't do more research at this moment, but I'd do a bit more reading, or get a second opinion from e.g. MalwareBytes, before panicking.
Last edited:
I should add that my device is also unrooted.
Surely a factory reset would delete any updates / additional data associated with the phone app, restoring it to the state it was in when I first got the phone?
In any case I did just try a factory reset, and it made absolutely no difference. Reinstalled avast and its still detecting the phone app as suspicious. When I click more info, it shows the app as having the following permissions:
coarse (network based) location
fine (gps) location
read phone state and identity
read SMS or MMS
edit SMS or MMS
send SMS messages
read contact data
write contact data
modify secure system settings
Can anyone confirm whether the phone app is supposed to have all of these permissions (they all seem reasonable to me apart from possibly the modify secure system settings bit?)
Surely a factory reset would delete any updates / additional data associated with the phone app, restoring it to the state it was in when I first got the phone?
In any case I did just try a factory reset, and it made absolutely no difference. Reinstalled avast and its still detecting the phone app as suspicious. When I click more info, it shows the app as having the following permissions:
coarse (network based) location
fine (gps) location
read phone state and identity
read SMS or MMS
edit SMS or MMS
send SMS messages
read contact data
write contact data
modify secure system settings
Can anyone confirm whether the phone app is supposed to have all of these permissions (they all seem reasonable to me apart from possibly the modify secure system settings bit?)
These are standard for an Android Phone app, and nothing to worry about. The reason it needs permission to modify secure setting is simple; if a call comes in the app has to be able to over-ride things like the lockscreen to let you answer the call,
This blog post suggests that Evo-Gen is a detection technique developed by Avast to combat malware in Windows executables. This is borne out by the Malwarefixes description here and leads me to agree with the 'false positive' verdict.
Two of you having the same problem starting this morning is also a little suspicious - infections can come in batches, but so do false positives (the security software vendor updates their definitions and then things start being flagged). I've not found any other reports of this so far, either way.
funkylogik
share the love peeps ;)
I would 
Mommy2nevaeh05
Lurker
Same problem here. Started yesterday 7/4/15 around 5pm. Avast scan comes up clean, but as soon as I use my phone or get a phone call I get the virus warning. Anyone found a solution yet?
funkylogik
share the love peeps ;)
Seems like a problem at Avast:s end. Maybe someone email them
Solution - uninstall Avast, use something that's been properly tested, if you must use something.
Seriously, how hard is it to think to include making a phone call as part of the test suite for a phone app as invasive as security?
Seriously, how hard is it to think to include making a phone call as part of the test suite for a phone app as invasive as security?
sharonj588
Lurker
I have also had the same issue. A warning popped up when i received a call at 4:35pm july 5th. I ran a full scan and no issues. I am quite sure it is a false positive, and have reported it as such to Avast antivirus and changed my settings.
I also had the problem occur on July 5th and sent a ticket to Avast. I uninstalled the app because it was impossible to get calls this way.
After 3 days I received the following answer from Avast support (but only saw it today):
"Thank you for contacting Avast. This detection was a false positive caused from our side. We check apps (actually the code of these apps) for similarities with known viruses and if the app contains such similarities then it is marked as "suspicious" [Susp]. Avast Mobile Security will stop the detection of this app as soon as your virus definitions will be updated. We apologize for inconveniences."
After 3 days I received the following answer from Avast support (but only saw it today):
"Thank you for contacting Avast. This detection was a false positive caused from our side. We check apps (actually the code of these apps) for similarities with known viruses and if the app contains such similarities then it is marked as "suspicious" [Susp]. Avast Mobile Security will stop the detection of this app as soon as your virus definitions will be updated. We apologize for inconveniences."
funkylogik
share the love peeps ;)
^^at least they're honest
funkylogik
share the love peeps ;)
Yup