Orange Forum • View topic - Win32:Evo-gen [Susp] detection upon orange installation

Post by Ayalew » Mon Sep 02, 2013 10:24

I recently (30th Aug. 2013) downloaded the full package of Orange 2.7 for Windows from http://orange.biolab.si/ to install it on my PC. However, towards the end of the installation process my antivirus (avast) reports that a suspicious file has been detected and blocked. Here is what it reports:

SUSPICIOUS FILE BLOCKED
avast! File System Shield has blocked a threat.
No further actions required.
Object: C:\Python27\Lib\site-packages\Orange\orange.pyd
Infection: Win32:Evo-gen [Susp]
Action: Moved to chest
Process: C:\...\orange-win-w-python-snapshot-hg-2013-08-30-py2.7.exe
The threat was detected and blocked when the file was created or modified.

Hence, though the installation process finished and an icon is created on the desktop, I cannot open Orange. I am also unable to import it into PythonWin.

In the virus chest, right-clicking on the file and scanning it doesn't detect any virus. I also did a quick scan of my computer using Malwarebytes but nothing was detected. I thought of uninstalling the software and reinstalling it with the antivirus's security shield temporarily disabled, but I felt afraid in case what the antivirus reports is right.

How should I proceed? I badly need your kind support.

Regards!

Re: Win32:Evo-gen [Susp] detection upon orange installation

Post by Ales » Tue Sep 03, 2013 13:05

Metascan online does not detect any threats. It is probably a false positive.

Re: Win32:Evo-gen [Susp] detection upon orange installation

Post by Ayalew » Tue Sep 03, 2013 16:01

Thank you Ales.

Two files, namely orangene.pyd and orangeom.pyd, are detected as suspicious files by avast and have been moved to the avast virus chest. Hence I cannot access them for scanning by Metascan Online. However, I scanned two related files with a .pyd extension, namely orange.pyd and orangeqt.pyd. Nothing was detected in orange.pyd by all antiviruses in Metascan Online. But one of the antiviruses, called QuickHeal, reported "Suspicious" for orangeqt.pyd. I also tried to scan the full-package Orange software (orange-win-w-python-snapshot-hg-2013-08-30-py2.7) using Metascan but it was impossible as the file is more than 80 MBs.

What would you advise me?

Thanks in advance for your kind help.

Re: Win32:Evo-gen [Susp] detection upon orange installation

Post by Ales » Thu Sep 05, 2013 15:22

I have tracked the problem to the use of upx to compress the binaries and have disabled it in the build scripts and rebuilt all installer packages. All .pyd files (at least for Python 2.7) now pass metascan.

However I was unable to install Avast to check if the installation passes. Can you please download the latest installer and check if it works?
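A build-side check related to the fix described in the post above, as an added example that is not part of the original thread or of Orange's build scripts: it reads the PE section table of a .pyd/.dll/.exe and reports UPX's default section names, so packed binaries can be caught before an installer is published. The sample headers are constructed for illustration, the section-name set is an assumption about UPX defaults, and a packed file with renamed sections would not be flagged.

```python
import struct
import sys
from pathlib import Path

# Assumption: default section names UPX gives a packed PE image.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_section_names(data):
    """Return the section names of a PE image (.exe, .dll, .pyd)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if len(data) < pe_off + 24 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    if len(data) < table + 40 * count:
        raise ValueError("truncated section table")
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
            for i in range(count)]


def is_upx_packed(data):
    """True if any section carries a default UPX section name."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def _sample_pe(names):
    """Constructed minimal PE headers (no code or data), for demonstration only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x2102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + sections


PACKED_SAMPLE = _sample_pe(["UPX0", "UPX1", ".rsrc"])           # constructed
PLAIN_SAMPLE = _sample_pe([".text", ".rdata", ".data", ".reloc"])  # constructed

if __name__ == "__main__":
    # Usage: python check_upx.py <build_dir> ...  (exit status 1 if anything is packed)
    packed = [p for root in sys.argv[1:] for p in Path(root).rglob("*.pyd")
              if is_upx_packed(p.read_bytes())]
    for p in packed:
        print("UPX-packed:", p)
    sys.exit(1 if packed else 0)
```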

Re: Win32:Evo-gen [Susp] detection upon orange installation

Post by Ayalew » Fri Sep 06, 2013 9:22

Thank you Ales for your unreserved help.
Ales wrote: I have tracked the problem to the use of upx to compress the binaries and have disabled it in the build scripts and rebuilt all installer packages.

Could you please tell me the steps for disabling and rebuilding?

Thanks again.

Re: Win32:Evo-gen [Susp] detection upon orange installation

Post by Ales » Fri Sep 06, 2013 9:46

Ayalew wrote: Could you please tell me the steps for disabling and rebuilding?
You don't have to do that.

Just download the latest Orange installer and run it.

Re: Win32:Evo-gen [Susp] detection upon orange installation

Post by Ayalew » Fri Sep 06, 2013 13:23

As you said, the latest (9th Sept. 2013) version of Orange installer successfully installed Orange on my PC. I am now able to launch Orange programme from the desktop shortcut and am also able to import it into PythonWin.

Thank you so much for the valuable help.

