Avast WEBforum

Other => Viruses and worms => Topic started by: Zoart666 on July 23, 2019, 07:30:52 AM

Title: atieclxx.exe detected
Post by: Zoart666 on July 23, 2019, 07:30:52 AM
Hello,

Yesterday I was playing around with some settings in the Radeon software and Avast detected atieclxx.exe as a virus. I can't remember the exact code, I think Ipd.alexa.51, but I'm not entirely sure.
I had to make an exception for the window to go away. But deleted the exception after and did another scan to see if it would detect it again. But nothing so far.

Log:

"[2019-07-22 18:46:26.288] [info   ] [manager    ] [ 1184: 7080] Get detection for hash 'C:\Windows\System32\DriverStore\FileRepository\c0344727.inf_amd64_bcc34be71d351e6c\B344591\atieclxx.exe'
[2019-07-22 18:46:26.288] [info   ] [manager    ] [ 1184: 7080]  - not found - create with action required '1'
[2019-07-22 18:46:26.288] [info   ] [detection  ] [ 1184: 7080] Window is closed - open
[2019-07-22 18:46:26.289] [info   ] [win_creator] [ 1184: 9596] opening window (C:\Windows\System32\DriverStore\FileRepository\c0344727.inf_amd64_bcc34be71d351e6c\B344591\atieclxx.exe)
[2019-07-22 18:46:26.289] [info   ] [manager    ] [ 1184: 9596] Get detection for hash 'C:\Windows\System32\DriverStore\FileRepository\c0344727.inf_amd64_bcc34be71d351e6c\B344591\atieclxx.exe'
[2019-07-22 18:46:54.443] [info   ] [detection  ] [ 1184: 7080] User choice - 'allow'
[2019-07-22 18:46:54.510] [info   ] [manager    ] [ 1184: 7080] Get detection for hash 'C:\Windows\System32\DriverStore\FileRepository\c0344727.inf_amd64_bcc34be71d351e6c\B344591\atieclxx.exe'
[2019-07-22 18:46:54.510] [info   ] [detection  ] [ 1184: 7080] Detection resolved
[2019-07-22 18:46:54.510] [info   ] [manager    ] [ 1184: 7080] Remove detection for hash 'C:\Windows\System32\DriverStore\FileRepository\c0344727.inf_amd64_bcc34be71d351e6c\B344591\atieclxx.exe'
[2019-07-22 18:47:00.358] [info   ] [win_creator] [ 1184: 9596] window closed (C:\Windows\System32\DriverStore\FileRepository\c0344727.inf_amd64_bcc34be71d351e6c\B344591\atieclxx.exe)"

I also checked the file's signature, which shows name of signer "Advanced Micro Devices Inc." and "Digest algorithm: Sha1".

Is this a false positive or is it an actual virus?
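
An added example, not part of the original post: a PowerShell check that goes one step past reading the signer name in the file's properties, asking Windows whether the Authenticode signature actually validates and recording the SHA-256 of the exact file that was flagged. The path is the one from the log above; the function name `Test-FlaggedBinary` and the expected-signer string are assumptions made for illustration.

```powershell
# Path copied from the log in the post above.
$Path = 'C:\Windows\System32\DriverStore\FileRepository\c0344727.inf_amd64_bcc34be71d351e6c\B344591\atieclxx.exe'
# Assumption: signer name as the poster read it from the file's properties.
$ExpectedSigner = 'Advanced Micro Devices'

# Hypothetical helper: summarises signature trust and identity for one file.
function Test-FlaggedBinary {
    param(
        [Parameter(Mandatory)] [string] $LiteralPath,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )
    if (-not (Test-Path -LiteralPath $LiteralPath -PathType Leaf)) {
        throw "File not found: $LiteralPath"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256
    $cert = $sig.SignerCertificate
    $signerMatches = [bool]($cert -and $cert.Subject -like "*$ExpectedSigner*")

    [pscustomobject]@{
        Path            = $LiteralPath
        SHA256          = $hash.Hash            # identifies this exact file in a report
        SignatureStatus = $sig.Status           # Valid, NotSigned, HashMismatch, NotTrusted, ...
        StatusMessage   = $sig.StatusMessage
        SignerSubject   = if ($cert) { $cert.Subject } else { $null }
        CertThumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
        CertNotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        Timestamped     = [bool]$sig.TimeStamperCertificate
        SignerMatches   = $signerMatches
        # A signer name alone proves nothing: only 'Valid' means the file content
        # still matches the signature and the certificate chains to a trusted root.
        SignatureTrusted = [bool](($sig.Status -eq 'Valid') -and $signerMatches)
    }
}

Test-FlaggedBinary -LiteralPath $Path -ExpectedSigner $ExpectedSigner | Format-List
```

A `SignatureStatus` of `HashMismatch` or `NotSigned` on a file carrying a vendor's name is the case that deserves further attention; a `Valid` result from the expected signer supports the false-positive reading but is not by itself a verdict on the file.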
Title: Re: atieclxx.exe detected
Post by: polonus on July 23, 2019, 12:57:09 PM
Read about this Windows process here: https://www.file.net/process/atieclxx.exe.html
File stands for AMD ATI External Events Client Module.

In a worst-case scenario this could be a process masked cryptoware.

Just wait for a malware remover to instruct you.

polonus
Title: Re: atieclxx.exe detected
Post by: Zoart666 on July 23, 2019, 01:35:54 PM
Quote
Read about this Windows process here: https://www.file.net/process/atieclxx.exe.html
File stands for AMD ATI External Events Client Module.

In a worst-case scenario this could be a process masked cryptoware.

Just wait for a malware remover to instruct you.

polonus

I have done a scan with Malwarebytes and Avast. I did a full system scan and a separate folder scan. They detect nothing.

I think Avast did give me the option to remove it when it got detected. It did give me an option at least, but I put it as an exception, though I removed it from the exception list shortly after.

Also, couldn't it be worse than cryptoware, since that site says the thing can record keyboard strokes and monitor apps?
Title: Re: atieclxx.exe detected
Post by: Pondus on July 23, 2019, 03:42:30 PM
Quote
Is this a false positive or is it an actual virus?
You get an answer from the Avast lab if you report it.

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438