Problem with Win32:Evo-gen [susp] taskmgr.exe and winlogon.exe

Viruses and worms
1

I keep getting a virus alert when I press CTRL+ALT+DEL to access the Windows task manager. Avast moves taskmgr.exe to the vault.

It says taskmgr.exe is infected with Win32:Evo-gen [susp]. It also mentions process winlogon.exe.

Yesterday I thought I’d solved the problem, and Avast didn’t seem to detect anything when analysing winlogon.exe and taskmgr.exe, or when performing a full system scan.

But now it’s back. I press CTRL+ALT+DEL and the alert pops up, sending taskmgr.exe to the vault again.

I also ran a scan with Malwarebytes, but nothing showed up.

I’ve googled a lot, and I found people with winlogon and evo-gen [susp] problems, but nothing related with taskmgr. And Avast says winlogon.exe is clean.

I’m clueless.

(I’m on Win XP SP3)

Screenshot (in spanish)

http://i.imgur.com/pDIc4A1.jpg

2

right click the file in chest and upload to avast lab as false detection
you may give a link to this topic in case they reply here

3

Ok.

I sent it to avast lab with a link to this topic.

Here’s a screenshot of the alert message (in spanish):

http://i.imgur.com/pDIc4A1.jpg

4

I have the same problem,
What should I do now?

It has deleted my taskmgr.exe!
Now I cannot use it.
What should I do now?

5

same as i told the one above to do…upload to avast lab

6

Dear sir,
I have go through the chest, it is not in the chest already.
And I have read the log, avast has already deleted my taskmgr.exe
I cannot upload anything to you, and now I have no taskmgr.exe to use with my Win XP.

7
I have go through the chest, it is not in the chest already. And I have read the log, avast has already deleted my taskmgr.exe
I dont think avast would delete a file detected as suspicious..... have you changed any of the default settings?
8

I have just flashed up my XP and used task manager with no ill effects… Maybe your one was actually infected
I have placed a copy of my task manager in my dropbox here https://dl.dropbox.com/u/73555776/taskmgr.exe

9

I’m on XP sp3 and my task manager opens fine. Has anybody sent the suspect file to virustotal?

10

I did full a scan afterwards, it did not show any threats.
Let me get back a taskmgr.exe, and scan again.

Thanks!

11

I replaced my taskmgr.exe (I have another PC with XP SP3) and now the warnings are gone.

Everything is clean, or so it seems.

12

I checked my XP SP3, there is a second copy of the file in \windows\system32\dllcache.
Would malware typically attack both copies?

13

Normally the dll cache copy should be safe