Problem with Win32:Evo-gen [susp] taskmgr.exe and winlogon.exe

[sleepless]

I keep getting a virus alert when I press CTRL+ALT+DEL to access the Windows task manager. Avast moves taskmgr.exe to the vault.

It says taskmgr.exe is infected with Win32:Evo-gen [susp]. It also mentions process winlogon.exe.


Yesterday I thought I'd solved the problem, and Avast didn't seem to detect anything when analysing winlogon.exe and taskmgr.exe, or when performing a full system scan.

But now it's back. I press CTRL+ALT+DEL and the alert pops up, sending taskmgr.exe to the vault again.


I also ran a scan with Malwarebytes, but nothing showed up.


I've googled a lot, and I found people with winlogon and evo-gen [susp] problems, but nothing related with taskmgr. And Avast says winlogon.exe is clean.

I'm clueless.



(I'm on Win XP SP3)


Screenshot (in spanish)

[Pondus]

right click the file in chest and upload to avast lab as false detection
you may give a link to this topic in case they reply here

[sleepless]

Ok.

I sent it to avast lab with a link to this topic.


Here's a screenshot of the alert message (in spanish):

[Cdick001]

I have the same problem,
What should I do now?

It has deleted my taskmgr.exe!
Now I cannot use it.
What should I do now?

[Pondus]

I have the same problem,
What should I do now?

It has deleted my taskmgr.exe!
Now I cannot use it.
What should I do now?

same as i told the one above to do....upload to avast lab

[Cdick001]

I have the same problem,
What should I do now?

It has deleted my taskmgr.exe!
Now I cannot use it.
What should I do now?

same as i told the one above to do....upload to avast lab

Dear sir,
I have go through the chest, it is not in the chest already.
And I have read the log, avast has already deleted my taskmgr.exe
I cannot upload anything to you, and now I have no taskmgr.exe to use with my Win XP.

[Pondus]

I have go through the chest, it is not in the chest already.
And I have read the log, avast has already deleted my taskmgr.exe

I dont think avast would delete a file detected as suspicious..... have you changed any of the default settings?

[essexboy]

I have just flashed up my XP and used task manager with no ill effects... Maybe your one was actually infected
I have placed a copy of my task manager in my dropbox here https://dl.dropbox.com/u/73555776/taskmgr.exe

[davexnet]

I'm on XP sp3 and my task manager opens fine.  Has anybody sent the suspect file to virustotal?

[Cdick001]

I'm on XP sp3 and my task manager opens fine.  Has anybody sent the suspect file to virustotal?

I did full a scan afterwards, it did not show any threats.
Let me get back a taskmgr.exe, and scan again.

I have just flashed up my XP and used task manager with no ill effects... Maybe your one was actually infected
I have placed a copy of my task manager in my dropbox here https://dl.dropbox.com/u/73555776/taskmgr.exe

Thanks!

[sleepless]

I replaced my taskmgr.exe (I have another PC with XP SP3) and now the warnings are gone.

Everything is clean, or so it seems.

[davexnet]

I checked my XP SP3, there is a second copy of the file in \windows\system32\dllcache.
Would malware typically attack both copies?

[essexboy]

Normally the dll cache copy should be safe