Author Topic: Pop-up message  (Read 2145 times)

0 Members and 1 Guest are viewing this topic.

Offline ingez2000

  • Newbie
  • *
  • Posts: 13
Pop-up message
« on: February 02, 2024, 02:04:11 AM »
I have been getting an AVAST pop-up message about "win64:coinminerX-gen" several times a day for several months. All scans (full, targeted) did not find anything.
I have posted this question before and responded to AVAST support by sending them a screenshot - no response (lousy customer service...).
Can anybody help to get rid of this malware ?  And why AVG finds it but does not remove it ??

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88997
  • No support PMs thanks
Re: Pop-up message
« Reply #1 on: February 02, 2024, 02:08:38 AM »
Were you intending to visit the site ?
If not start by clearing your browser cache and cookies,including 3rd party cookies and restart your browser.
If that resolves it you should be good to go.
If it doesn't try running your browser with add-ons disabled.

If that resolves it, have you added or updated any add-ons ?
If so try disabling that add-on - and restart and try again.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline ingez2000

  • Newbie
  • *
  • Posts: 13
Re: Pop-up message
« Reply #2 on: February 02, 2024, 02:27:16 AM »
I do not understand a question "Were you intending to visit the site ?"  Which site are you talking about ?  And how does that relate to my problem ??

Offline ingez2000

  • Newbie
  • *
  • Posts: 13
Re: Pop-up message
« Reply #3 on: February 02, 2024, 02:50:39 AM »
David, I will follow your advice. And no, I have not added or updated any add-ons for couple years now...

Offline New_Style_xd

  • Sr. Member
  • ****
  • Posts: 397
Re: Pop-up message
« Reply #4 on: February 02, 2024, 03:15:39 AM »
Clean your browser so we can have our advice on everything.
OS: Windows 10 PRO / Intel(R) Core(TM) i7-6500U CPU 2.60 GHz.
Real Time: Avast Premium Security: 24.2.6104 (compilação 24.2.8904.819) IU: 1.0.799
Moble: Avast Security: 24.3.0-1004091
VPN: Avast SecureLine VPN: 5.29.9498
On Demand: Malwarebytes: 4.6.9.314

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88997
  • No support PMs thanks
Re: Pop-up message
« Reply #5 on: February 02, 2024, 01:04:15 PM »
I do not understand a question "Were you intending to visit the site ?"  Which site are you talking about ?  And how does that relate to my problem ??

Did you actually make the connection to the site, or did it happen without your intention  ?

The site that you get notified about in the Alerts.

Finding why the alerts are occurring could lead to the solution.  And the reason for the questions and actions to try and pinpoint why it is happening.

David, I will follow your advice. And no, I have not added or updated any add-ons for couple years now...

Add-ons could well be updating without your knowledge.

If you have more than one browser, is this happening on that also ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline ingez2000

  • Newbie
  • *
  • Posts: 13
Re: Pop-up message
« Reply #6 on: February 02, 2024, 01:46:46 PM »
1) Pop-up does not point to the site, it points to a "sppsvc.exe" program. Multiple scans find it clean
2) I use only Chrome as browser
3) I have cleaned the browser as suggested. Pop-up still happening

I am attaching a screenshot

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37522
  • Not a avast user
Re: Pop-up message
« Reply #7 on: February 02, 2024, 01:59:49 PM »
Quote
And why AVG finds it but does not remove it ??
Avast and AVG is the same program

Quote
1) Pop-up does not point to the site, it points to a "sppsvc.exe" program. Multiple scans find it clean

Upload sppsvc.exe to www.virustotal.com and scan it
Post link to scan result here



« Last Edit: February 02, 2024, 02:08:52 PM by Pondus »

Offline ingez2000

  • Newbie
  • *
  • Posts: 13
Re: Pop-up message
« Reply #8 on: February 02, 2024, 07:15:29 PM »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37522
  • Not a avast user
Re: Pop-up message
« Reply #9 on: February 02, 2024, 08:48:36 PM »
A old Microsoft system file (click the details tab) possible false positive ?

Send it to avast lab for a check
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


« Last Edit: February 02, 2024, 08:51:20 PM by Pondus »

Offline ingez2000

  • Newbie
  • *
  • Posts: 13
Re: Pop-up message
« Reply #10 on: February 02, 2024, 11:52:00 PM »
1) What do I send to Avast Lab - the link of Virus Total scan results or ??
2) How do I send it to Avast Lab ?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37522
  • Not a avast user
Re: Pop-up message
« Reply #11 on: February 03, 2024, 12:24:57 AM »
Quote
1) What do I send to Avast Lab - the link of Virus Total scan results or ??

the file you uploaded to VirusTotal


Quote
2) How do I send it to Avast Lab ?

Report a suspected false positive (select file or website)
https://www.avast.com/false-positive-file-form.php


Offline ingez2000

  • Newbie
  • *
  • Posts: 13
Re: Pop-up message
« Reply #12 on: February 03, 2024, 12:56:55 AM »
Done

Offline ingez2000

  • Newbie
  • *
  • Posts: 13
Re: Pop-up message
« Reply #13 on: February 04, 2024, 04:09:04 AM »
Question that I have : assuming it is a false positive detection, why Virus Total says "File is not signed" ?  File properties also do not list any digital signature

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37522
  • Not a avast user
Re: Pop-up message
« Reply #14 on: February 04, 2024, 11:31:16 AM »
Question that I have : assuming it is a false positive detection, why Virus Total says "File is not signed" ?  File properties also do not list any digital signature
Signed or not is not related to detected or not. Lots of software developers out there that dont have signed files, but yes it may help to avoid FP



« Last Edit: February 04, 2024, 11:45:08 AM by Pondus »