Author Topic: Suspicious Activity alert  (Read 4805 times)

0 Members and 1 Guest are viewing this topic.

Yvonne

  • Guest
Suspicious Activity alert
« on: September 25, 2005, 02:04:55 AM »
My avast! home version 4.6 is set to scan files on opening them. Sometimes I get a white alert box that says something like this:

Quote
Avast! has detected suspicious activity.
Write file:  C:... SYSTEM\ATMENUXX.HLP (or some other file name)
Yes          No          Ignore

I assume that "Yes" means "Go ahead and allow the file to be written to (or modified)" and that "No" means "Don't allow the file to be written to." What does "Ignore" do?

Also, I recently had a dialog like the above and chose "Yes." Shortly after, I did a thorough virus scan of my entire HD and no viruses were found. Does this mean that whatever process was trying to write to or modify the file was a normal process? If so, is there any way for a user to tell if a "suspicious activity" is truly dangerous or if it is simply a harmless, normal process?

Thanks all.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31130
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Suspicious Activity alert
« Reply #1 on: September 25, 2005, 02:36:46 AM »
Ignore = Ignore this message and just continue.

The file you mentioned is harmless. It is part of the ATI software

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Suspicious Activity alert
« Reply #2 on: September 26, 2005, 01:27:53 AM »
Avast! has detected suspicious activity.
If so, is there any way for a user to tell if a "suspicious activity" is truly dangerous or if it is simply a harmless, normal process?
Did you change the Behavior Blocker settings?
I don't think it's a good idea for a newbie or anyone that is not used to avast.
Let the default ones.
Suspicious activity could be harmless, could not. You need to 'think' on which process is starting the activity, is it legit? You didn't ask for this action... So, it could be a virus activity. Otherwise, not. We can't give you a 'fixed' rule, yes or no, depends.
The best things in life are free.

Yvonne

  • Guest
Re: Suspicious Activity alert
« Reply #3 on: September 30, 2005, 04:25:52 AM »
Thank you Eddy and Tech. Eddy, you are right. I did a search for "ATMENUXX.HLP" and it does have something to do with ATI (video card, I assume?) files.

Tech, when you say "Behavior Blockers" are you referring to something in avast! Pro? (I'm using the home version.) But if you're referring to the "Blocker" tab of the Resident Protection (Standard Shield), then I can tell you that I've left all the settings at their defaults.

Something just came to me about my original post, so I'd like to ask about it (no major issue, just curious): When the message said Write file:  C:... SYSTEM\ATMENUXX.HLP, [/color][/b] I assumed that some outside process was trying to write to (modify) the file ATMENUXX.HLP.[/b] But does it actually mean that the file ATMENUXX.HLP.[/b] is (somehow) trying to write something to my computer? (Or "install" itself or "add" itself during startup, which is when I get that message?)
 
Thanks all.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Suspicious Activity alert
« Reply #4 on: September 30, 2005, 04:40:40 AM »
Tech, when you say "Behavior Blockers" are you referring to something in avast! Pro? (I'm using the home version.)
No. Home version.

But if you're referring to the "Blocker" tab of the Resident Protection (Standard Shield), then I can tell you that I've left all the settings at their defaults.
Yes, the blocker tab of settings.

But after all, did you solve your problem?
The best things in life are free.

Yvonne

  • Guest
Re: Suspicious Activity alert
« Reply #5 on: October 16, 2005, 11:03:53 PM »
Sorry for my late reply, Tech.

To answer your question, I still get that Suspicious Activity Alert message from time to time; but it's always for the same file (or similar files, which are ATI files). From Eddy's advice (also in this thread), I've gathered that the "suspicious activity" concerning those files is actually harmless and normal.

So in that case, I would say my problem is solved.  ;) I just click "ignore" in the dialog box if I get the alert and go about my business. As I mentioned, I've done a complete virus scan after getting that type of alert before and it shows no infected files.

Thanks.  :)

Spiritsongs

  • Guest
Re: Suspicious Activity alert
« Reply #6 on: October 17, 2005, 05:19:30 PM »
 :) Hopefully when you get these types of "Alerts", you also
     run antiSPYWARE scan(s) to see if they detect anything !?
     And you have a software firewall that may give "Alerts"
     as well !?