Hi! About three weeks ago I started to get alerts about “Win32:Evo-gen” when Windows 7 starts. Both webshield and fileshield. It has happened random times, not every boot. Here are some more details and needed logs also as attachments:
Haven’t got today after running the fixes, but didn’t get before running them today either. Actually what confuses me is it, that when they started to appear about 3 weeks ago the alerts comes randomly. I mean they doesn’t come with every boot or every day, but about once in week in different days like the reports says I posted in my first post. After they have appeared I’ve did Temp cleaning with CCleaner, but after some time they comes again with same kind of files locating to Temp with another name coming from different domains. I still have two recent infected files in Quarantine if that helps.
Today the alerts appeared again. I discovered that they are caused by Updater.exe of Popcorn Time. I uninstalled Popcorn Time and ran TFC and FRST. I don’t think it’s a false positive, because it seems that the Updater.exe of Popcorn Time is really trying to download those random .exes from suspicious websites and trying to drop them to Temp folder. There seems to be similar situation http://www.reddit.com/r/PopCornTime/comments/2kjivd/updaterexe_setting_off_avast_alerts/. I also attached the fresh logs of FRST.
At least not during the last reboot. Strange thing anyway. I think I’m gonna make a reclamation to Popcorn Time developers. Big thanks for helping and if the alerts reappear I’ll be in touch again.