Suspicious Activity alert

My avast! home version 4.6 is set to scan files on opening them. Sometimes I get a white alert box that says something like this:

[b]Avast! has detected suspicious activity. Write file: C:... SYSTEM\ATMENUXX.HLP (or some other file name) Yes No Ignore [/b]
I assume that "Yes" means "Go ahead and allow the file to be written to (or modified)" and that "No" means "Don't allow the file to be written to." What does "Ignore" do?

Also, I recently had a dialog like the above and chose “Yes.” Shortly after, I did a thorough virus scan of my entire HD and no viruses were found. Does this mean that whatever process was trying to write to or modify the file was a normal process? If so, is there any way for a user to tell if a “suspicious activity” is truly dangerous or if it is simply a harmless, normal process?

Thanks all.

Ignore = Ignore this message and just continue.

The file you mentioned is harmless. It is part of the ATI software

Did you change the Behavior Blocker settings?
I don’t think it’s a good idea for a newbie or anyone that is not used to avast.
Let the default ones.
Suspicious activity could be harmless, could not. You need to ‘think’ on which process is starting the activity, is it legit? You didn’t ask for this action… So, it could be a virus activity. Otherwise, not. We can’t give you a ‘fixed’ rule, yes or no, depends.

Thank you Eddy and Tech. Eddy, you are right. I did a search for “ATMENUXX.HLP” and it does have something to do with ATI (video card, I assume?) files.

Tech, when you say “Behavior Blockers” are you referring to something in avast! Pro? (I’m using the home version.) But if you’re referring to the “Blocker” tab of the Resident Protection (Standard Shield), then I can tell you that I’ve left all the settings at their defaults.

Something just came to me about my original post, so I’d like to ask about it (no major issue, just curious): When the message said Write file: C:… SYSTEM\ATMENUXX.HLP, I assumed that some outside process was trying to write to (modify) the file ATMENUXX.HLP. But does it actually mean that the file ATMENUXX.HLP. is (somehow) trying to write something to my computer? (Or “install” itself or “add” itself during startup, which is when I get that message?)

Thanks all.

No. Home version.

Yes, the blocker tab of settings.

But after all, did you solve your problem?

Sorry for my late reply, Tech.

To answer your question, I still get that Suspicious Activity Alert message from time to time; but it’s always for the same file (or similar files, which are ATI files). From Eddy’s advice (also in this thread), I’ve gathered that the “suspicious activity” concerning those files is actually harmless and normal.

So in that case, I would say my problem is solved. :wink: I just click “ignore” in the dialog box if I get the alert and go about my business. As I mentioned, I’ve done a complete virus scan after getting that type of alert before and it shows no infected files.

Thanks. :slight_smile:

:slight_smile: Hopefully when you get these types of “Alerts”, you also
run antiSPYWARE scan(s) to see if they detect anything !?
And you have a software firewall that may give “Alerts”
as well !?