Win32:Evo-gen [Susp]

Hello again. Thanks for your prompt response with the sirefef issue on my gf’s laptop. This is a separate issue on a separate computer. I first detected the virus by doing a full scan on Avira. Sadly, it hadn’t prompted me on this virus earlier and I suspect this one might have been here for a while already.

I installed Avast on this computer as well and all the applications (Avira, Avast, Malwarebytes…) seem to have a different name for this one. I ran the scans by your instructions and the logs are attached.

I hope you can help me out with this one as well. Thank you in advance.

Hi, what is the file and location reported by Avast?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
[2012.07.08 18:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perkele\Application Data\Alegap
[2012.07.08 18:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perkele\Application Data\Soce
[2012.07.08 18:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perkele\Application Data\Houro
[2012.07.06 10:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perkele\Application Data\Ylatxi
[2012.07.06 10:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perkele\Application Data\Opxe
[2012.07.06 10:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Perkele\Application Data\Dosy

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

The first run was stopped by the antivirus software, but the second run went smoothly.

Not a lot showing there. What is Avast reporting?

The only thing Avast caught upon was the Alcohol.exe, which it couldn’t check due to password encryption. Can it be malicious? Avast didn’t flag it as a threat, just said that it couldn’t check it.

Thank you very much for your help on this one.

Avast will be unable to check anything that is password protected… But it is not a problem whilst it is encrypted.