Author Topic: Need explanation of "Threat blocked" message  (Read 898 times)

0 Members and 1 Guest are viewing this topic.

Offline coffent

  • Newbie
  • *
  • Posts: 16
Need explanation of "Threat blocked" message
« on: May 20, 2021, 10:54:19 PM »
I got a popup window saying "Threat blocked.  We've blocked UNINSTALLEXCHANGE.PS1 because it was infected with IDP.ALEXA.53", and saying "File path:  [my program folder]\AVAST\SETUP\UNINSTALLEXCHANGE.PS1" and "Process:  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe".

There is no file named UNINSTALLEXCHANGE.PS1 in the folder ...\AVAST\SETUP.  Was it there before and Avast has moved it?  Is UNINSTALLEXCHANGE.PS1 an Avast file?  If so, why would it be infected?  The only changes I've made to Avast have been to accept their periodic updates.

What does "Process" signify?  Did powershell.exe call UNINSTALLEXCHANGE.PS1?  While I installed Windows Powershell on my computer a couple of years ago, I've used it rarely if at all, and certainly not recently, and definitely didn't try to access an Avast file, which before now I didn't even know existed.

Offline rocksteady

  • Super Poster
  • ***
  • Posts: 1316
Re: Need explanation of "Threat blocked" message
« Reply #1 on: May 21, 2021, 10:48:13 AM »
You may wish to read this thread: https://forum.avast.com/index.php?topic=237825.0

Offline coffent

  • Newbie
  • *
  • Posts: 16
Re: Need explanation of "Threat blocked" message
« Reply #2 on: May 21, 2021, 09:05:35 PM »
Thanks for the suggestion.  One suggestion at the link you supplied was to send the file to VT (https://www.virustotal.com) for evaluation.  I couldn't find any way to find the file in Avast's "Virus Chest" so I opted to have Avast restore the file.  However it doesn't seem to have done so, as it doesn't exist at the specified location.  I ran another scan using Avast and it turned up nothing this time.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86921
  • No support PMs thanks
Re: Need explanation of "Threat blocked" message
« Reply #3 on: May 21, 2021, 10:43:24 PM »
Thanks for the suggestion.  One suggestion at the link you supplied was to send the file to VT (https://www.virustotal.com) for evaluation.  I couldn't find any way to find the file in Avast's "Virus Chest" so I opted to have Avast restore the file.  However it doesn't seem to have done so, as it doesn't exist at the specified location.  I ran another scan using Avast and it turned up nothing this time.

For future reference, there is an option in the virus chest to Send for analysis.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security