Funny Behaviour (Possible EVo-gen)

The last detection I got was an EVO-GEN alert from Avast on my temp folder while I was searching on a webpage. It seemed nothing serious since Avast got it. No problems in the next 2-3 days. Now I started my PC, my network didn’t respond, I can’t update Avast, I can’t update Malwarebytes, I can’t surf the web. I restarted my router, all remained the same. I restarted my PC in safe mode and I was able to update Malwarebytes and run a scan, it found nothing. I restarted and now everything seems normal EXCEPT I can’t update Windows (some firewall definition update).

It is VERY suspicious. Logs attached.

Start with deleting PC-Doctor and Spybot S&D.

PC-Doctor has something to do with AlienAutopsy from Alienware I think. I used Spybot the last 6 years. Are they nasty?

Spybot is not nasty, but it is kinda obsolete since it lacks many updates.
The preferred alternative at this time is Malwarebytes.

PC-Doctor is known for not doing what it promises and for spreading adware.

Ok. PC-Doctor is not listed in my installed programs, it’s probably added to the AlienAutopsy installation. Spybot can be removed, but since Malwarebytes free has no resident option, I’ll have only Avast and I feel somehow a little bit unprotected XD

My Google account, FB account etc. have been systematically hijacked, so I think it was an infection. I did format C: and regained control of the accounts.

I have a system partition (C:) and a file partition (D:). I only formatted the system partition, could the virus have survived the format procedure?

I think the virus survived the format procedure. I’m having the same issues again. I need serious help here. Uploading new logs. Seems to be something very sneaky, no detections, no symptoms except for one restart where I don’t have internet connection and the antivirus doesn’t work. Then, on the next restart everything seems fine. What the hell have I got here?

Hi darth_shaker,

And welcome to the forums.

Since you’ve posted logs twice, only the newest will be reviewed by your malware expert. Please make no changes to your system whilst under his care; this would include any new software installations you may be considering to put in; no other than the requested malware diagnostic programs and any others your malware expert may request you to run. In other words, the fastest way to cleanse your system is to follow directions exactly and refrain also from doing anything else with your system until you are given the all clear and your system is in known clean state.

A certified malware expert has been contacted for you and will be along shortly.

Hope this helps.

While waiting I noticed a couple of things about Avast, but I don’t know if they’re normal or not. The first one is that real-time shields and updates show as disabled (though it updates and the main screen says everything is ok), and the other thing is a list of exclusions I did not put in there. I’m using Avast free btw.

Is there any news from this?

Have you tried the Avast repair option? … from add/remove programs…

Mysteriously the Avast issue got fixed on its own. A couple of days after the post it showed like this. The issue I am actually worried about is the original one. I had no troubles happening this week, but it can be a matter of time if the malware is still there.

Not a lot apparent there, what are your current problems?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

2014-10-11 11:18 - 2014-10-11 14:32 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

I’m having no issues at the moment, but the logs are quite old, I can upload fresh ones if you consider it necessary. If nothing is found, we can consider this thread closed. Many thanks in advance.

No, if you are happy then so am I :)