Author Topic: IDP.HELU inside video file?  (Read 2035 times)

0 Members and 1 Guest are viewing this topic.

Offline menziller

  • Jr. Member
  • **
  • Posts: 28
IDP.HELU inside video file?
« on: June 04, 2021, 07:14:12 PM »
I tried today, as many times in the past, to open inside my Win10 PC a recorded video file (.ts) coming from a PVR unit.
This time, however, the file seems to be broken (5GB size but just 1 minute reported length), but before throwing it away I wanted to try opening/converting it with some other software.
The reason for my posting here is that when I loaded the file with a video player (Media Player Classic) Avast issued an alarm saying something like:

videofile.ts has been blocked because it was infected with IDP.HELU.Autolt10.

After that not only the TS file was moved to the virus trash can but also the Media Player Classic EXE file disappeared from its program folder. Moreover, I was not able to find it inside the trash can and I also wasn't able to restore it from a backup because any attempt to do that was blocked by an "access denied" warning from the OS, despite me belonging to the system Administrators group.
The error went away after shutting down and restarting the system.

So, coming finally to my Avast-related questions:

1. does it make sense that a video file recorded from a free SAT channel by a PVR (not connected to the Internet) could contain a virus?
2. is it normal for the EXE file to disappear and to remain un-restorable until the system is rebooted?
3. can it be safe and useful to run some other party scanners (such as KVRT or tdskiller tools) while Avast antivirus is running?

Thanks in advance for any help.

Offline PDI

  • Avast team
  • Full Member
  • *
  • Posts: 159
Re: IDP.HELU inside video file?
« Reply #1 on: June 08, 2021, 10:51:45 AM »
Hi menziller,

ad 1) it's hard to answer without e.g. support package from your PC. I cannot tell why we think it was executed via autoit interpreter.
ad 2) yes, it's normal as we prevent to write to the location because of the possible reinfection. If you did a restore of the videofile.ts detection the AV'd recover even the Media Player Classic exe to it's location.
ad 3) we don't recommend to run more than one AV like solution on the system but it's on the user to install other software

Regards,
PDI

Offline menziller

  • Jr. Member
  • **
  • Posts: 28
Re: IDP.HELU inside video file?
« Reply #2 on: June 09, 2021, 09:43:38 AM »
Thanks for your answers.

In the first one you seem to confirm that a recorded video file coming from a PVR CAN actually contain a virus. Is that right?
I'm asking again because I didn't think such a thing could happen, especially considering that the PVR is not connected to any PCs or LANs or networks but only to the SAT cable and the USB key where recordings get saved.

As to the third point, I know your recommendation about avoiding the simultaneous installation and use of multiple AVs and I agree with it, but I was referring to scanners which don't require installation and can be run just once on demand, "on the fly", such as the ones I mentioned (KVRT or tdskiller).

Offline PDI

  • Avast team
  • Full Member
  • *
  • Posts: 159
Re: IDP.HELU inside video file?
« Reply #3 on: June 09, 2021, 05:02:26 PM »
Hi,

the detection rule doesn't depend on some specific file content so I won't tell yes or no. The detection thinks that the video file was executed via AutoIt which isn't common on normal systems.

ad 3) you can run it.

Regards,
PDI