What is Win32:Evo-gen [Susp]?
Win32:Evo-gen [Susp] is a threat identified by Avast Anti-virus products. This is a typical malware that targets the core system of Windows in order to complete its tasks. Win32:Evo-gen [Susp] was made to execute a series of commands once it gets inside the system. It will gather data like system settings, Windows version, network configuration, and so on. Collected data will be sent to remote attacker for analysis.
Threat behavior
Installation
In general, system will get infected with Win32:Evo-gen [Susp] if malicious code is executed on the computer. Source of this trojan may vary due to the changing ways how it is deployed. Typically, spam email messages disguising as open letter from reputable institution are used to deceive recipients. Body of the message contains enticing phrases that tries to convince user into opening the attached file.
Malicious links from social media sites and instant messaging program are also seen as method used in distributing Win32:Evo-gen [Susp]. Illegally distributed software and media materials may also contain code that can lead to the infection of this malware.
Payload
In order to run itself on Windows start-up, Win32:Evo-gen [Susp] will make a copy of itself under system files. Then, registry entry is created to call the file on each Windows boot-up. Apart from that, this malware will also drop non-malicious files on various folders of the compromised PC. Win32:Evo-gen [Susp] occasionally connects to a remote host to execute tasks like the following:
- Notify attacker on the new infection
- Sends gathered data from the infected computer
- Download and execute additional files including an updated version of the trojan
- Accept command from a remote attacker
Symptoms
There is not much obvious symptom from this malware. Win32:Evo-gen [Susp] operates silently in the background. However, Avast Anti-virus may alert you on the presence of this trojan.
How can you remove Win32:Evo-gen [Susp]?
To totally remove Win32:Evo-gen [Susp] from the computer and get rid of relevant viruses, please execute the procedures as stated on this page. Make sure that you have completely scan the system with suggested malware removal tools and virus scanners.
Step 1 : Scan the computer with Norton Power Eraser
1. Download Norton Power Eraser from the link below. Save the file on your hard drive.
2. Once the download completes, double-click on the file NPE.EXE to run the program.
3. You will be prompted with End User License Agreement. Please click on Accept to continue.
4. Norton Power Eraser will check for the most recent version. Then, the main window will appear. Click on Scan for Risks to the scan and removal process for Win32:Evo-gen [Susp].
5. By default, Norton Power Eraser was configured to perform rootkit scan. This is essential to get rid of Win32:Evo-gen [Susp] or other relevant malware. To accomplish this, you will need to restart the computer. Please click Restart button.
6. After restarting Windows, the program will check for possible database update and then, proceeds with the scan. It may take a while, please wait for the scan process to complete.
7. Once scanning is done, Norton Power Eraser will display a list of threats including Win32:Evo-gen [Susp]. Review identified threats and remove/repair them from the PC by clicking on Fix Now button.
8. If you are prompted to restart the computer in order to complete the virus removal process, please click on Restart Now.
Step 2 : Run Sophos Virus Removal Tool
1. Download Sophos Virus Removal Tool from the link below. Save the file to your Desktop so that we can access the file easily.
2. After downloading, navigate to the file location and double-click it. This will start the instllation procedure. User Account Control will prompt if you want to run the program, click Yes to continue.
3. On initial launch of the program, it will display a Welcome Screen as shown in the image below. Click Next to start the installation procedure.
4. Next, you need to accept the license agreement before Sophos Virus Removal Tool can be installed onto the computer. Choose 'I accept the terms in the license agreement'. Then, click Next button.
5. On the next prompts, please click appropriate button to proceed. At the end of the installation process, it will display InstallShield Wizard Completed. Just leave the Launch Sophos Virus Removal Tool with a check mark. Then, click Finish.
6. The tool will download necessary updates so Internet connection is required at this point. Lastly, Sophos Virus Removal Tool displays the welcome screen.
7. Click on Start Scanning button to begin checking the system for presence of rootkit and virus. The tool reveals items that were found linked to Win32:Evo-gen [Susp]. It also detects and removes other malicious files.
Thanks for the help! I haven’t finished the process but still, thanks a lot!
hell this thing is wasting my time and i cant get rid of it……….
Thanks you very much… I was tired of this virus.