So I know this has been a topic before but I am having this issue with Avast popping up an error saying blocked due to - Win32:Evo-gen [Susp] help - now this is popping up on a WEB site not on a file downloading! I am trying to watch movies on SkyGo! Which you would think is a very safe site! Plus really there is no real downloading going on as I am either watching live telly or streaming movies!
Can someone please tell me how to fix this as Avast is now blocking it! Not happy… It has only been happening for the last 2 days! I have run a virus check and nothing!
I’ve notified TwinheadedEagle to assist you. From the looks of it, it’s not a website but a file attempting to launch. It also looks like you at once had a Rogue AV…
A Rogue AV is a Fake Anti-Virus. I could’ve misread the MBAM sig for it. And as for SkyGo, I don’t know much about it, I’d have to do a lot of digging. Looks legit but files can be faked easily. The endings on the files are .dll (Driver) and .xap (which is used for Phones and Silverlight stuff). I’d say Avast! flagged it for the Driver and Silverlight file, and .xap is not a common file type. For now please refrain from using SkyGo until it’s deemed clean.
If you wouldn’t mind, find the file and upload and test it here: www.virustotal.com. Report what it finds back.
To avoid confusion I won’t try and explain it. Please wait for Twin to come help you. Once he’s arrived and reviewed your logs he can tell what’s happening and explain it to you.
I’m not a complete noob at tech, I just can’t understand how a web site I have been using for months has suddenly become ‘suspicious’. I run regular scans with Avast which is supposed to stop this… if it’s not, what am I actually paying for? I update daily and all that… how can I stop Avast from scanning that page?
So please do try to explain… or will it get too technical for a girl like me???
It wasn’t meant to insult you. But given I don’t have the training of Twin, Essex and all of the removers here, I’m not in a position to be offering explanations.
As for the question about Avast! and paying for it. Avast! will never have a 100% detection ratio. I use Avast! and Comodo on my system. Again, won’t block everything.
To stop the scanning of the page go to the Avast! UI (Right click the Icon) > Open Avast! User Interface > Settings (The little gear) > Antivirus > Exclusions > URL tab > And enter the URL.
From where I see it, the Objects are attempting to launch the site. In malware terms the files could be calling home to install more viruses.
I can get Polonus to do a more in-depth analysis if you would like. If after that and Twin everything is clean you can report it as a FP to Avast! and have it whitelisted globally.
Edit: I have to go to bed. It’s nearing 11PM here.
[*]Wait for initial scan to finish - if there is any query, click No;
[*]Click Scan button and wait until the full scan is complete;
[*]Click Save … - save the report to the Desktop (named Gmer);
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Execute TDSSKiller.exe by double-clicking on it. Confirm the “End user Licence Agreement” and “KSN Statement” dialog boxes by clicking on the Accept button.
[*] Press Start Scan
[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.