Pop-up message

I have been getting an AVAST pop-up message about “win64:coinminerX-gen” several times a day for several months. All scans (full, targeted) did not find anything.
I have posted this question before and responded to AVAST support by sending them a screenshot - no response (lousy customer service…).
Can anybody help to get rid of this malware ? And why AVG finds it but does not remove it ??

Were you intending to visit the site ?
If not, start by clearing your browser cache and cookies, including 3rd party cookies, and restart your browser.
If that resolves it you should be good to go.
If it doesn’t, try running your browser with add-ons disabled.

If that resolves it, have you added or updated any add-ons ?
If so, try disabling that add-on - and restart and try again.

I do not understand a question “Were you intending to visit the site ?” Which site are you talking about ? And how does that relate to my problem ??

David, I will follow your advice. And no, I have not added or updated any add-ons for a couple of years now…

Clean your browser so we can have our advice on everything.

Did you actually make the connection to the site, or did it happen without your intention ?

The site that you get notified about in the Alerts.

Finding why the alerts are occurring could lead to the solution. And the reason for the questions and actions is to try and pinpoint why it is happening.

Add-ons could well be updating without your knowledge.

If you have more than one browser, is this happening on that also ?

  1. Pop-up does not point to the site, it points to a “sppsvc.exe” program. Multiple scans find it clean
  2. I use only Chrome as browser
  3. I have cleaned the browser as suggested. Pop-up still happening

I am attaching a screenshot

And why AVG finds it but does not remove it ??
Avast and AVG are the same program
1) Pop-up does not point to the site, it points to a "sppsvc.exe" program. Multiple scans find it clean

Upload sppsvc.exe to www.virustotal.com and scan it
Post link to scan result here

Here is the link with scan results :

https://www.virustotal.com/gui/file/fc075f7b39e86cc8ef6da4e339fe946917e319c347ac70fb0c50aaf36f97e27f/detection

An old Microsoft system file (click the details tab) possible false positive ?

Send it to avast lab for a check
https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

  1. What do I send to Avast Lab - the link of Virus Total scan results or ??
  2. How do I send it to Avast Lab ?
1) What do I send to Avast Lab - the link of Virus Total scan results or ??

the file you uploaded to VirusTotal

2) How do I send it to Avast Lab ?

Report a suspected false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

Done

Question that I have : assuming it is a false positive detection, why Virus Total says “File is not signed” ? File properties also do not list any digital signature

Signed or not is not related to detected or not. Lots of software developers out there that don’t have signed files, but yes it may help to avoid FP

Affected systems program (sppsvc.exe) is a Microsoft module so seems unlikely they have not signed it…

https://answers.microsoft.com/en-us/windows/forum/all/executables-supposedly-from-microsoft-dont-have/ecb4e905-b492-418e-91ae-61e1eee38a17

https://www.reddit.com/r/Malware/comments/qsf951/is_it_normal_for_executables_supposedly_from/

Good info.

Note that only one AV engine (Cynet) pointed to a module in question during VirusTotal scan. The reason was “File is not signed”. So as you said FP is quite possible…
One of the most interesting of my questions is that Avast full scan does not determine a problem, but quarantines the module and issues a threat alert… Hopefully Avast Lab will respond soon and mystery will be solved

Per your suggestion sent screenshots to Avast Labs. Got a response back that it was determined as FP and database was updated. A week later I am still getting pop-ups. I have emailed new screenshots to support but no meaningful responses.
Very disappointed. Considering switching to a different AV engine.

That is what I did