Win32:Evo-gen [Susp] is a process that you may find on your computer. It is related to the heuristic analysis technology that antivirus programs such as Avast Antivirus and Avast Internet Security use to detect new viruses.
To be clear, the Win32:Evo-gen [Susp] process isn’t in itself a virus but rather a process that your antivirus runs to make sure you aren’t getting a virus. This is still true if you’re scanning for malware and getting a false positive relating back to the Win32:Evo-gen [Susp] process.
The following tutorial demonstrates how to remove the malware from your computer.
Method One: How to Remove Browser Hijacker by Resetting Browser to Default Settings and Cleaning Up Browser
If you see some of these problems, you might have malware installed on your computer. If the malware is confined to the browser, you should be able to remove it by resetting the browser’s settings.
- Pop-up ads continuously interrupting your web browsing experience
- New browser tabs loading websites that differ from the defaults you selected
- Unwanted web browser extensions and toolbars keep coming back
- The web browser redirects to webpages or ads that you did not request
- Fake alerts regarding a virus or an infected device
You can avoid this unwanted software in the future by only downloading files from secure sites.
Do step 1, step 2, or step 3 depending on what it is that you would like to do.
1. To Reset Google Chrome
Here is how you can reset the browser settings from the Settings and more menu in Google Chrome:
a. Click on the Settings and more (Alt+F) three-dotted menu icon, and then click on the Settings link from the menu.
b. Scroll down and then click on Advanced at the bottom of the page.
c. Under the Reset and clean up heading, click on the Restore settings to their original defaults link.
d. From the Reset settings overlay, click on the Reset settings button.
e. Under the Reset and clean up heading once again, click on the Clean up computer link.
f. Next to where it says Find and remove harmful software, click on the Find button.
You can now close the Google Chrome web browser and continue using your computer if you like.
2. To Reset Mozilla Firefox
Here is how you can reset the browser settings from the Settings and more menu in Firefox:
a. Click on the Settings and more three-lined menu icon, and then click on the Help link.
b. Click on the Troubleshooting Information link.
c. Click on the Refresh Firefox button.
d. Click on the Refresh Firefox button when you get the confirmation dialog box.
You can now close the Mozilla Firefox browser and continue using your computer if you like.
3. To Reset Microsoft Edge
Here is how you can reset the browser settings from the Settings and more menu in Microsoft Edge:
Notes:
- As of January 2020, the new Chromium-powered Microsoft Edge browser has been made generally available, and it comes with a built-in Potentially Unwanted Program (PUP) blocker. It will not have helped you in preventing any malware yet because Microsoft has the Potentially Unwanted Program blocker turned off by default. The reason is that it’s still debated whether a PUP is indeed malware, since some PUPs can prove useful to some people, hence the term “potentially” in Potentially Unwanted Program.
- In times past, you would have had to reset the Microsoft Edge browser from the Settings application in Windows 10. That did not make much sense if Microsoft wanted people who use other operating systems to use their web browser. And since alternative operating systems are gaining additional market share, it meant that many Mac users, in particular, could not reset Edge. In the updated Chromium-powered version of Edge, Microsoft has made a change so you can now reset the browser from its settings, similar to what you would find with Google Chrome. They have also removed the option to reset the browser from the Settings app.
a. Click on the Settings and more (Alt+F) three-dotted menu icon, and then click on the Settings link from the menu.
b. From the Settings menu, click on the Reset Settings link.
Note: You only see the left Settings menu if you have expanded the browser window so that it is large enough for the menu to show up.
c. Under the Reset settings heading, click on the Restore settings to their default values link.
d. From the Reset settings overlay, click on the Reset button.
You can now close the Microsoft Edge browser and continue using your computer if you like.
While resetting and cleaning up your web browser may remove the malware from the browser directly, it is possible, depending on the malware, that there are still associated malicious files leftover on the Windows operating system. These leftover files can cause malware to change the browser’s settings again. If you need to take further action because you suspect malware is continuing to change your browser’s settings, you ought to continue with another method below that either removes the malware via a built-in antivirus like Microsoft Defender or a third-party antimalware program.
Method Two: How to Remove Win32:Evo-gen [Susp] in Windows Using Windows Defender in Windows 10
Windows 10’s default antivirus program, Microsoft Defender (known as Windows Defender before the Windows 10 November 2019 Update), doubles as very good antivirus and antimalware protection. The term “antimalware” is a more modern version of the term “antivirus” because a multitude of malicious programs exist today rather than computer viruses alone. Microsoft Defender finds all sorts of malware and is antimalware that keeps the traditional antivirus name to avoid confusion. That said, Microsoft Defender still might not remove a Potentially Unwanted Program (PUP) on your computer until you enable the PUP protection first. If you tried an antivirus/antimalware scan with Microsoft Defender and the malware was not found, you can try enabling the PUP protection and scanning again before installing third-party software on your computer.
See also: How to Use Malicious Software Removal Tool in Windows 10
Note: The terms “Potentially Unwanted Programs” (PUPs) and “Potentially Unwanted Applications” (PUAs) are interchangeable. When referring to misleading software installed as a bundle or without users’ consent, common antimalware programs use the term “PUP;” however, Microsoft prefers “PUA” in Windows 10.
Part One: How to Enable or Disable Microsoft Defender PUA Protection in Windows 10
When removing Potentially Unwanted Programs from your computer with the default Microsoft Defender antivirus, you should enable PUP protection first. Here is how to do that:
Option One: How to Enable or Disable Microsoft Defender PUP Protection in Windows PowerShell
1. Open an elevated Windows PowerShell. See this tutorial to read all the different ways in which you can open the elevated version of the Windows PowerShell: How to Open Elevated Windows PowerShell in Windows 10
2. If you are prompted by User Account Control, click on the Yes button.
3. Type one of the following commands into the Windows PowerShell window, depending on what you want to achieve, and then press the Enter key on your keyboard to execute it:
To Enable Microsoft Defender PUA Protection:
Set-MpPreference -PUAProtection 1
or
Set-MpPreference -PUAProtection Enabled
To Disable Microsoft Defender PUA Protection (Default):
Set-MpPreference -PUAProtection 0
or
Set-MpPreference -PUAProtection Disabled
Audit Mode – detects PUPs, but does not block them:
Set-MpPreference -PUAProtection 2
or
Set-MpPreference -PUAProtection AuditMode
4. Restart the computer before attempting to run a new Microsoft Defender antivirus scan that searches for extra PUPs.
You can now close the Windows PowerShell window and continue using your computer if you like.
Option Two: How to Enable or Disable Microsoft Defender PUA Protection in Local Group Policy Editor
Notes:
- You can only use this option from the Local Group Policy Editor starting from Windows 10 version 1809.
- The Local Group Policy Editor is only available in Pro, Enterprise, and Education editions of Windows 10.
- Though Microsoft changed the name Windows Defender to Microsoft Defender in Windows 10 version 1909, as of yet, the Local Group Policy Editor has not been updated to reflect this change. Should there come a time when the following path no longer works, try exchanging Windows Defender for Microsoft Defender in the Local Group Policy Editor where applicable.
1. Open the Local Group Policy Editor (gpedit.msc). See this tutorial to read all the different ways in which you can open the Local Group Policy Editor: How to Open Local Group Policy Editor in Windows 10
2. Using the Local Group Policy Editor’s left pane, navigate through to the following location:
Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus
3. With Windows Defender Antivirus selected, click on Configure detection for potentially unwanted applications from the right pane.
4. From the Configure detection for potentially unwanted applications policy, select either Not Configured (to turn off Windows Defender PUP protection), Enabled (to turn on Windows Defender PUP protection), or Disabled (to turn off Windows Defender PUP protection).
Note: If selecting Enabled, a drop-down menu appears in the Options window that offers additional options to configure the group policy if you like. For example, from the drop-down menu, you can select Blocked which means the Configure detection for potentially unwanted applications policy will be enabled, and the potentially unwanted programs will be blocked from being downloaded onto your computer. It is suitable for most people to select Blocked from the drop-down menu in the Options window to stop PUPs getting onto your computer in future.
You can now close the Local Group Policy Editor and continue using your computer if you like.
Part Two: How to Manually Scan Files, Folders, and Drives with Microsoft Defender in Windows 10
Windows 10 provides the latest antivirus protection with Windows Security. Your device will be actively protected from the moment you start Windows 10. Windows Security continually scans for malware (all types of malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protected from threats.
Some features differ if you are running Windows 10 in S mode. Because this mode is streamlined for tighter security, the Virus & threat protection area has fewer options. However, that does not mean it is less secure—the built-in security of this mode automatically prevents viruses and other threats from running on your device, and you will receive security updates automatically.
Microsoft Defender automatically scans your system periodically, so it should pick up and remove any malware on your computer by itself over time. If you need a quick solution, Microsoft Defender also allows for manual scans so that you can scan any location on the operating system immediately.
Note: The Microsoft Defender antivirus application shown below comes out of the box on all versions of Windows 10, the latest version of Windows operating system. If you are running an older version of Windows, such as Windows 7, then you can skip to one of the next parts that shows you how to install a third-party antimalware application instead.
Option One: How to Scan with Microsoft Defender Using Context Menu
Here is how you can run an antivirus scan with the built-in Microsoft Defender antivirus program from the context menu of a file or folder:
Notes:
- Windows Security is available in all versions of Windows 10 after version 1703.
- While Microsoft has changed the name from Windows Defender to Microsoft Defender as of Windows 10 version 1909, most locations around Windows, including the context menu via File Explorer, still list the older Windows Defender name. Should there come a time when the following path no longer works, try clicking on Scan with Microsoft Defender… instead of Scan with Windows Defender… from the context menu.
1. From File Explorer, select the drive, folder, or file that you suspect may contain the potential malicious program.
2. Right-click on your selection and then click on Scan with Windows Defender from the context menu.
3. When the scan completes, Windows Security will open and show you the results. The total time for the scan to complete will vary. Scanning drives will take the longest, while scanning individual files will be the quickest.
Notes:
- The Windows Security application used to be called the Windows Defender Security Center in previous versions of Windows 10. All the settings within the app remained the same after the name change.
- Starting with Windows 10 version 1803, the app has two new areas: Account protection and Device security.
a. If there are no threats found, Windows Security will let you know as much in the same region where it previously showed you the scan was underway.
b. If there are threats found, however, it will let you know there are threats found, as well as the threat names and location in the same area.
4. To remove any threats found, click on the Start actions button.
Note: Clicking on Start actions will result in Windows Security removing the threat immediately.
You can now close the Windows Security app and continue using your computer if you like.
Option Two: Scan with Microsoft Defender in Windows Security
Here is how you can run an antivirus scan with the built-in Microsoft Defender antivirus program from the Windows Security app:
1. Open Windows Security. See this tutorial to read all the different ways in which you can open Windows Security in Windows 10: How to Open Windows Security in Windows 10
2. Click on the Virus & threat protection icon in Windows Security’s Security at a glance page.
3. Do step 4, step 5, step 6, or step 7 depending on what it is that you would like to do.
4. To Run a Quick Scan with Microsoft Defender
a. Click on the Scan now button.
5. To Run a Full Scan with Microsoft Defender
a. Select Full scan and then click on the Scan now button.
6. To Run a Custom Scan with Microsoft Defender
a. Select Custom scan and then click on the Scan now button.
7. To Run an Offline Scan with Microsoft Defender
a. Select Windows Defender Offline scan and then click on the Scan now button.
8. Select the file, folder, or drive that you want to scan and then click Select Folder.
9. Microsoft Defender starts scanning the option that you chose.
10. When the scan completes, you get the results in numbers.
11. If there are threats found, however, it will let you know there are threats found, as well as the threat names and location in the same area.
12. To remove any threats found, click on the Start actions button.
Note: Clicking on Start actions will result in Windows Security removing the threat immediately.
You can now close the Windows Security app and continue using your computer if you like.
Option Three: How to Scan with Microsoft Defender from Windows PowerShell
Here is how you can run an antivirus scan with Microsoft Defender from the Windows PowerShell:
1. Open the Windows PowerShell. See this tutorial to read all the different ways in which you can open the Windows PowerShell application in Windows 10: How to Open Windows PowerShell in Windows 10
2. Type the command below that best suits your needs and then press the Enter key on your keyboard to execute it.
Update and Quick scan:
Update-MpSignature; Start-MpScan -ScanType QuickScan
Quick scan:
Start-MpScan -ScanType QuickScan
Full scan:
Start-MpScan -ScanType FullScan
You can now close the Windows PowerShell window and continue using your computer if you like.
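The PowerShell steps from Part One and from this scan option, combined into one script as an added example that is not part of the original tutorial: it checks the PUA setting, enables it if needed, and on the run after the restart updates signatures, runs a quick scan, and lists only the detections that scan produced. The function names Get-PuaModeName and Invoke-PuaRescan are hypothetical; the script assumes the built-in Defender cmdlets are available and that it is run from an elevated PowerShell.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original tutorial. Get-PuaModeName and
# Invoke-PuaRescan are hypothetical names; the cmdlets they call come from
# the built-in Defender module.

function Get-PuaModeName {
    param([int]$Value)
    switch ($Value) {
        0 { 'Disabled' }
        1 { 'Enabled' }
        2 { 'AuditMode' }
        default { "Unknown ($Value)" }
    }
}

function Invoke-PuaRescan {
    # Step 1: check the PUA setting and enable it if it is not already on.
    $before = [int]((Get-MpPreference).PUAProtection)
    Write-Host "PUA protection is currently: $(Get-PuaModeName $before)"
    if ($before -ne 1) {
        Set-MpPreference -PUAProtection Enabled
        $after = [int]((Get-MpPreference).PUAProtection)
        if ($after -ne 1) {
            throw "PUA protection is still $(Get-PuaModeName $after) after the change."
        }
        # The tutorial says to restart before the next scan, so stop here.
        Write-Host 'PUA protection enabled. Restart the computer, then run this script again.'
        return
    }

    # Step 2: remember which detections already exist, so that only the ones
    # produced by this scan are reported afterwards.
    $known = @{}
    foreach ($d in Get-MpThreatDetection) { $known[[string]$d.DetectionID] = $true }

    # Step 3: update signatures and run the quick scan (returns when finished).
    Update-MpSignature
    Write-Host "Signatures updated: $((Get-MpComputerStatus).AntivirusSignatureLastUpdated)"
    Start-MpScan -ScanType QuickScan

    # Step 4: map threat IDs to names, then list the new detections.
    $names = @{}
    foreach ($t in Get-MpThreat) { $names[[string]$t.ThreatID] = $t.ThreatName }

    $new = @(Get-MpThreatDetection |
        Where-Object { -not $known.ContainsKey([string]$_.DetectionID) } |
        ForEach-Object {
            [pscustomobject]@{
                Detected  = $_.InitialDetectionTime
                Threat    = $names[[string]$_.ThreatID]
                Resources = $_.Resources -join '; '
                ActionOk  = $_.ActionSuccess
            }
        })

    if ($new.Count -eq 0) { Write-Host 'No new detections from this scan.' }
    else { $new | Format-Table -AutoSize -Wrap }
}

Invoke-PuaRescan
```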
Option Four: How to Scan with Microsoft Defender from Command Prompt
Here is how you can run an antivirus scan with Microsoft Defender from the command line:
Note: Though Windows Defender has been renamed to Microsoft Defender, Microsoft has not yet updated the commands to reflect this change. Should there come a time when the following commands no longer work, try exchanging Windows Defender for Microsoft Defender in the commands where applicable.
1. Open the Command Prompt. See this tutorial to read all the different ways in which you can open the Command Prompt application in Windows 10: How to Open Command Prompt in Windows 10
2. Type the command below that best suits your needs and then press the Enter key on your keyboard to execute it.
Update and Quick scan:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1
Quick scan:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1
Full scan:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2
You can now close the Command Prompt window and continue using your computer if you like.
Method Three: How to Remove Win32:Evo-gen [Susp] Using Malwarebytes
If scanning with the Windows Security antimalware protection doesn’t remove Win32:Evo-gen [Susp], you can try installing a third-party antimalware tool, such as Malwarebytes, and see if that removes the search hijacker. You can also use an antimalware program such as Malwarebytes to remove the extensions and all other related files remaining on your computer, so you don’t have to do any of it manually.
Note: Malwarebytes also has an application for smartphones that run on Android and iOS.
The iOS version will be very similar, apart from needing to use the Apple App Store in place of the Google Play Store. You will not have any problems finding it because your iOS software only comes with the Apple App Store.
1. Visit the Malwarebytes official website and download the tool for your computer by clicking on the “Free Download” link.
Unlike many other tools out there today that say it’s a free download and then list a bunch of things your PC doesn’t need to be fixed before asking you to pay a hefty fee with your credit card to fix them, Malwarebytes does allow you to download, install, and use the tool free for 14 days. All you need to do is run the tool once to fix the problem you have, and if you want to continue using the tool long term, so it’s scanning your computer periodically, then you can sign up to the premium version.
2. If you get a web browser warning about files such as these potentially harming your device, click on the Keep button to proceed with the download.
Malwarebytes is a tool trusted by millions of people around the world and will not harm your device. Windows just can’t distinguish all files yet and so you sometimes see a warning such as this one even though the file is trustworthy.
3. Click on the Malwarebytes executable file once the download completes. (If you need to, you can also access it by heading to the Start menu > File Explorer > This PC and then opening up the Downloads folder.)
4. If prompted by User Account Control (UAC) click on the “Yes” button.
5. From the Select Setup Language dialog, click on the drop-down menu to select your language such as English and then click on the OK button.
6. When it asks where are you installing Malwarebytes, click on either Personal computer or Work computer, depending on which one makes sense for you, and then click on the Continue button.
7. Click on the Agree and Install button when you get to the license agreement and privacy policy.
8. Wait a few moments for Malwarebytes to install on the computer.
9. Click on the Finish button when you get to the screen where it lets you know that the Malwarebytes installation is complete.
10. A few moments later the Malwarebytes interface will automatically open on the computer for you. Make sure you’ve selected Dashboard from the left pane and then click on the Scan Now button.
11. Malwarebytes lets you know how the progress of the scan is going while it goes to work. Wait for the scan to complete.
12. From the scan results, make sure all the threats that you want to be removed are checked by clicking on each of the associated checkboxes and then click on the Quarantine Selected button.
13. The threats are now held in “Quarantine” and are no longer on the computer.
You can now close the Malwarebytes program if you like.
If you ever want to delete Malwarebytes from the computer, you can do that by finding the list of applications and uninstalling it as you would any other app. Should you choose to uninstall Malwarebytes in the future, it will not mean that the computer is infected with the malware again. The malware remains off the computer (unless you were to install it again accidentally).
That’s all.