• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

android:evo-gen virus

Gimpchop

Lurker
Jun 10, 2015
2
0
Hi I'm looking looking for advice just recently my avast mobile antivirus has reported a android:evo-gen virus in phone on my HTC one M8. I would like to know how to know how to get rid of it or is it a false possative. I have googled it and can't find any info on it thanks.
 
Hi,

I have had Avast installed on my phone for awhile now, with always negative scans.

Suddenly today, without having installed any apps recently, when making a phone call I receive a notification from Avast stating that a Suspicious file detected - Android:Evo-gen. Clicking on more info shows that it is the com.android.phone that is affected. Avast solution is to uninstall the phone app, which the my smartphone obviously will not do.

Is this a false positive? Any way to uninstall and reinstall the phone app without trying a hard factory reset?
 
Upvote 0
Hello,

I also the same message since this morning. I have rerun a whole scan and Avast did not identify anything until I receive or make a phone call.

Does anyone have any clue if what that is?



Hi,

I have had Avast installed on my phone for awhile now, with always negative scans.

Suddenly today, without having installed any apps recently, when making a phone call I receive a notification from Avast stating that a Suspicious file detected - Android:Evo-gen. Clicking on more info shows that it is the com.android.phone that is affected. Avast solution is to uninstall the phone app, which the my smartphone obviously will not do.

Is this a false positive? Any way to uninstall and reinstall the phone app without trying a hard factory reset?
 
Upvote 0
From a quick Web search it seems that evo-gen is not a specific malware variant but a generic detection technique used by Avast. So it's used some heuristic and decided that some feature of your phone app or its behaviour looks in some way malwareish. I'd say that's not the same as a positive id.

A factory reset won't do anything except delete data. That's all it does. You'd have to reflash the phone completely (method depends on manufacturer) to replace the phone app (or reflash the ROM if rooted).

I'm a bit sceptical of this result, but obviously cannot tell for sure from this remove. But don't see how the phone app could have been replaced with an infected version on an unrooted device. Can't do more research at this moment, but I'd do a bit more reading, or get a second opinion from e.g. MalwareBytes, before panicking.

Hi,

I have had Avast installed on my phone for awhile now, with always negative scans.

Suddenly today, without having installed any apps recently, when making a phone call I receive a notification from Avast stating that a Suspicious file detected - Android:Evo-gen. Clicking on more info shows that it is the com.android.phone that is affected. Avast solution is to uninstall the phone app, which the my smartphone obviously will not do.

Is this a false positive? Any way to uninstall and reinstall the phone app without trying a hard factory reset?
 
Last edited:
Upvote 0
I should add that my device is also unrooted.

Surely a factory reset would delete any updates / additional data associated with the phone app, restoring it to the state it was in when I first got the phone?

In any case I did just try a factory reset, and it made absolutely no difference. Reinstalled avast and its still detecting the phone app as suspicious. When I click more info, it shows the app as having the following permissions:

coarse (network based) location
fine (gps) location
read phone state and identity
read SMS or MMS
edit SMS or MMS
send SMS messages
read contact data
write contact data
modify secure system settings

Can anyone confirm whether the phone app is supposed to have all of these permissions (they all seem reasonable to me apart from possibly the modify secure system settings bit?)
 
Upvote 0
Can anyone confirm whether the phone app is supposed to have all of these permissions

These are standard for an Android Phone app, and nothing to worry about. The reason it needs permission to modify secure setting is simple; if a call comes in the app has to be able to over-ride things like the lockscreen to let you answer the call,

This blog post suggests that Evo-Gen is a detection technique developed by Avast to combat malware in Windows executables. This is borne out by the Malwarefixes description here and leads me to agree with the 'false positive' verdict.
 
Upvote 0
I also had the problem occur on July 5th and sent a ticket to Avast. I uninstalled the app because it was impossible to get calls this way.
After 3 days I received the following answer from Avast support (but only saw it today):

"Thank you for contacting Avast. This detection was a false positive caused from our side. We check apps (actually the code of these apps) for similarities with known viruses and if the app contains such similarities then it is marked as "suspicious" [Susp]. Avast Mobile Security will stop the detection of this app as soon as your virus definitions will be updated. We apologize for inconveniences."
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones