Win evo gen virus on my computer

Viruses and worms
1

Sorry if I am posting this twice - I think I may have lost the previous post on this?
Please help me get rid of this
Many thanks
Elaine

2

win32:Evo-Gen [susp] = suspicious … so a possible infection

what file was detected?
location of the file … full file path?

3

Hi
Sorry I did not save it and it is in the Avast! quarantine chest. I am not sure how to get it from there to send to you? As soon as it comes up as threat again I will copy it and send it.
Thanks

4

if it is in quarantine (chest) it will not come up again … and you find the info in avast chest
you may attach a screenshot of chest

5

Here you go
Thanks
Elaine

6

Sorry that was not a good shot! I am still figuring this out lol! Here is a better one showing the full thing

7

located in a temp folder so should not be anything to worry about

8

Hi
This is what comes up every time I login to the internet. Is it the same thing? And is it nothing to worry about?

’ hxxp://lightdation.com/?e=vdx&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=3046&dd=4&country=ZA&ind=8704325078232166055&exid=1409657167118899995&ssd=9385626505574178555&hid=7683492617198867070&osid=603

Infection
Win32:Evo-gen [Susp] '
9

Are you still getting the alerts ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM\...\Run: [360sd] => "C:\Program Files\360\360 Internet Security\360sdrun.exe" 2014-08-13 11:21 - 2014-08-13 11:21 - 00000000 _RSHD () C:\360SANDBOX 2014-08-13 11:20 - 2014-08-13 11:20 - 00000000 ____D () C:\Program Files\360 EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

10

Doing AdwCleaner now. Thanks.

11

Here is the AdwCleaner test file. Computer is very slow :frowning:

12

Right click the taskbar and select Task Manager
Select the Start Up tab
Right click and disable everything except for Avast and Classic shell

Reboot and let me know if that helps with the peed

13

Done. Still kind of stalls when loading a page, not running as smoothly as before I tried to get the South Africa vs Australia cricket for my husband, which caused the problem LOL! Shall I run delfix?

14

Yes please, also do you have your browser set to delete temp files on closing ?

15

Did the delfix but I do not know how to delete temp files on closing? Computer is really slow :frowning: Will check for your reply in the morning

16

For IE go to control panel > internet options
On the general tab tick “delete browsing history on exit”
Apply and then OK out
I will need to check out Chrome and Firefox as I do not use them

17

Just got a threat warning

URL
hxxp://30595022.9092390-ssl-cert.com/c.php?aid=260&lid=1954

Infection
URL:Mal

Is this something to be concerned about? Got the same thing yesterday morning…
Thanks
Elaine

18

Does that happen on a specific web page ?

19

Hi
Not sure - I had my yahoo mail open and I had facebook open? Will try to narrow it down in the morning and only open My Yahoo - then my yahoo mail - then my facebook page - and see which one the thingy pops up on :slight_smile:
Thanks

20

Hi
The URL Mal did not come up as a threat again this morning, so it seems to be sorted.
Thanks for the help
Have a wonderful day!