rootkit win32 evo-gen susp

Viruses and worms
1

Hi! Avast find this rootkit “win32 evo-gen susp” and it is not able to remove it. The SO is win 8.1 and Avast version: 2014.9.0.2021.
How can I solve this problem? I have tried with a full scan and a boot-time scan.

Is it a false positive? Is it malicious?

Thank you in advance.

2

win32 evo-gen [susp] = suspicious

what is the file name and where is the detected file located … full file path?

3

Oh…sorry.

SVC:Waters2777MgrService>C:\WINDOWS\SysWOW64\Waters2777MgrService.exe

Thanks

4
SVC:Waters2777MgrService>C:\\WINDOWS\SysWOW64\[b]Waters2777MgrService.exe[/b]
upload and test file at www.virustotal.com if tested before, click rescan for a fresh result post link to scan result here
5

In addition, the boot-time scan revealed:
C:\Windows\System32\drivers\4cff408a-d9e7-47c3-a711-95133fcf7f45Gw64.sys.

Can you help me?
Thank you

6

see instructions https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs

7

Is the last one a malware?

8

last what?

9

the virus you told me to scan gave this report:
https://www.virustotal.com/it/file/a4fa59914022bf2721d853ad4f02fa987ec740fcf377ddaada5ec9797f11adcd/analysis/1422711978/

the second problem I described, is it a malware?

10

I am sorry, but I don’t have a great experience with PC and virus…etc…

11
the second problem I described, is it a malware?
the requested logs from the guide i posted above will find out
12

no detection and file is new at VT First submission 2015-01-31 13:46:18 UTC ( 6 minutes ago )

CopyrightCopyright 2003 Product Waters2777MgrService Module Original name Waters2777MgrService.EXE Internal name Waters2777MgrService File version 4, 0, 5, 0 Description Waters2777MgrService Module
13

in other words “Waters2777MgrService Module” is a false positive…isn’t it?

14

maybe … maybe not, as it is very new we can say yet what it is … little info found online searching file name

follow instructions and attach requested logs https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs

15

I am scanning with Malwarebytes.

Thank you…

16

here is attached the scanlog by malwarebyte.

There is no trace of the mentioned file “water…” nor of the other file!

I have just updated Avast at the latest version:it alerts me from “water” but it can’t delete it.

What can I do?

Thank you

17

now you continue with next tool farbar recovery scan tool attach the two diagnostic logs it produce
they are the important ones

when done a malware expert essexboy will check the logs and remove any leftover files

i see Malwarebytes removed lots of crap so there will be leftover files needed to be removed

18

here I am!!!
Thank you again!!!

19

now make coffee, relax and wait for essexboy to come and do his magic … it may take some time before he is online

20

ahahahahahah…ok. Is the PC required to be on?
You are the best!
:wink:

my last questions are: is Avast 2015 antimalware? Do I need malwarebytes again? what about farbar?
Thank you!