Win32:Evo-Gen (Susp)

[REDACTED]

Hello everyone,

I've been having this problem for a couple of days now. I've probably downloaded an infected file or something, possibly in a torrent. Since then I've had hundreds of Avast!-notifications saying how it has dealt with a certain threat labeled as "Win32:Evo-Gen (Susp)". I have Googled a bit about this, and to me it seems to be a bit of malware. Ususally not such a big deal, so I tried scanning with Avast!. This didn't really work though, so I decided to download the Kaspersky tdss-killer. When this didn't pick up anything either, I downloaded Malware Bytes' Anti Malware program. This picked up  486 infected files, so I thought this might have solved the problem, but after those files had been put in quarantine, the Avast!-notifications still continued. I'm kind of desperate now, so any help would be appreciated a lot.

All the Avast!-notifications lead to either a web address (clearly spam/malware sites judging by the names..), a file named "svchost.exe" or a specific location in a temporary files folder.

Please help! 

Thijs

[Asyn]

Attach your basic logs. (MBAM, FRST and aswMBR..!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

[Pondus]

I downloaded Malware Bytes' Anti Malware program. This picked up  486 infected files,

attach that log so that we can see what

[REDACTED]

Avast is currently doing a start-up scan (it's detecting quite a lot of infected files), so I'll report back here as soon as that is done.

[REDACTED]

Here they are. Do you require any more logs?

[essexboy]

Could you attach a screen shot of one of the alerts please

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
CHR HKLM-x32\...\Chrome\Extension: [khcceooakamlehbimaepcldnnlnkcmfk] - C:\Program Files (x86)\SaveSense\SaveSense.crx [2014-08-02]
Task: {2EF1A20C-86AF-4E37-903C-CCA53EAE96EC} - \BitGuard No Task File <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.
  

[REDACTED]

Here are the logs you asked for.
I would've happily added screenshots of some of the alerts, but I haven't had any. I'd almost say the problem is fixed. 

[essexboy]

Looks like you must have had adware city

How is the computer behaving now ?

[REDACTED]

I haven't had any more alerts since this morning. It seems to be solved.
Thanks for the help essexboy, you made my day! 10/10 would ask again.

[REDACTED]

Give your machine a good workout over the next day or two.  Essexboy will need to remove tools on your machine he used to remove malware.  If something starts acting strange with your machine in the meantime, report back here immediately with details.  Essexboy will return after you use your machine to make sure all is working good to remove his tools and give you some suggestions.  Thank you.

[essexboy]

When you are happy do the following :

Subject to no further problems   

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Download and run Delfix




Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware



Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide  Best security practices Keep safe  :wave: