Threat blocked after reboot

Hello,

This happened two days ago. I saw that my PC was very slow while booting. I suspected the add-ons of my game (Garry’s Mod) to cause this slowdown, as they can sometimes take a lot of space and RAM.

In the game contents, there is a built-in batch file to restore the game to its factory settings, by deleting all new content and add-ons. As I got a lot of unnecessary add-ons, I started this batch file, and rebooted to see if anything changed.

The boot sequence was a lot faster this time, and I got to the logon screen almost instantly. But then, something happened. While I was in Windows Explorer to see if the add-ons were removed, Avast became crazy and sent this message:


Threat blocked!

File path: C:/…(avast did not show the full path)…/Name of file (I can’t remember it. It looked like a bunch of random capital letters and numbers, and looked like hexadecimal code.)

Infection type: IDP.ALEXA.51


Have you already seen this type of scenario and infection? I searched on Google and some say it’s a kind of spyware. I have also searched through the whole C drive, but found nothing.

Please answer.

https://forum.avast.com/index.php?topic=194892.0

Hi The Game2,

Just present the demanded log files and wait for a qualified remover to appear to assist you with eventual cleansing.

However there is a possibility of this being a FP (legacy of a once AVG detection).
Did the message appear after a restart of Windows 8.1?
Was there any association with files like Seamonkey.exe & Ammsetup(1).tmp?

Genuine infection with this malware always comes after a suspicious or malicious download from a malicious URL.
Signs of infection: slow computer, high on CPU and RAM, and even system crashes.

So present the demanded logfiles and wait for one of our qualified malware removal experts.

polonus

In fact, I am under Windows 10, I never played SeaMonkey, and this alert appeared with a completely different filename than Seamonkey.exe or Ammsetup(1).tmp (my filename looked like a hexadecimal name) and avast didn’t show the extension.

I also need to know where I can find the log files.

Follow the link in Reply #1 from Eddy.

Here are the log files (transferred from PC).
Sorry if these logs are in French.

For info, I just noticed that the popup and filename looked exactly the same as this:
https://forum.avast.com/index.php?action=dlattach;topic=202866.0;attach=192466;image

Image found in this thread:
https://forum.avast.com/index.php?topic=202866.0

I have sent the log files, but no answer since yesterday morning. :frowning:

Learn to have patience.
The people here are all real people and do have their own lives.

O.K. For me, it just seemed strange to have such a delay.

P.S.: I clicked on “INDEPENDENT Support… etc.” and I was brought to hxxp://chat.ache.nl
Do you know what it is?

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
```
Task: {BACBCAFE-601B-4DA8-95B1-00102DBBBC34} - System32\Tasks\App Explorer => C:\Users\Bastien\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2016-09-17] (SweetLabs, Inc) <==== ATTENTION
C:\Users\Bastien\AppData\Local\Host App Service
EmptyTemp:
```
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Please attach a screenshot of the Avast blocked popup.

Here is the log.

P.S.: Which “Threat Blocked” image?

If the Avast message still shows after reboot, take a screenshot of it.

For the five days since the alert was given, I rebooted many times. There was no Avast alert, but I was sure something happened in the C/ drive.

Finally, I rebooted this morning after the fix, made a little text and 3d simulation, scanned the PC with Avast, and nothing happened. :slight_smile:

The following will implement some post-cleanup procedures:

=> Please download DelFix (https://toolslib.net/downloads/finish/2-delfix/) by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

> P.S : I clicked on "INDEPENDENT Support.... etc." and i was brought to http://chat.ache.nl Do you know what it is ?

It clearly says what it is.

I did it.
Now, what must I do with this file?

I did the procedure and I have the DelFix.txt file.

Now, what must I do with this file?

Whatever you want. DelFix has removed the tools used by Sass Drake … log should say so.

So, the PC is now clean? ???

P.S.: Sorry to have posted twice the same message!