Hello,
I received the following threat warning earlier:
Given that I did not perform a scan myself, and that the following threat popped up while I was not actively at my computer, I assume Avast must have detected an action occurring in the background. While the warning above mentions the source being Windows' PowerShell, I did not have one actively open myself, which means that some other program must have tried to run it.
The file in question, "UNINSTALLEXCHANGE.PS1", seems to have been located in the /SETUP folder of my Avast installation, although I currently cannot find it in there anymore. Perhaps Avast deleted it from there upon issuing the warning? Given the name of the file, it sounds like some program tried to uninstall Avast, although I might of course be wrong.
I have, of course, tried to already search on Google to find further information on my situation, but unfortunately have not found much. The only relevant link I found is the following: https://discuss.elastic.co/t/kv-filter-dont-split-on-field-split-pattern-once/165431, where someone (suspiciously?) seems to want to run a certain command using PowerShell on the aforementioned file. However, given the short excerpt of their code, I cannot come to a conclusion on what exactly it is they tried to do.
I would perhaps have put it aside as a false positive, but the fact that something happened in the location Avast itself was installed in, without my knowledge, seems somewhat worrying.
I would really appreciate any help regarding this, as I am worried that my PC might have gotten infected.
Thank you very much!
I received the following threat warning earlier:
Given that I did not perform a scan myself, and that the following threat popped up while I was not actively at my computer, I assume Avast must have detected an action occurring in the background. While the warning above mentions the source being Windows' PowerShell, I did not have one actively open myself, which means that some other program must have tried to run it.
The file in question, "UNINSTALLEXCHANGE.PS1", seems to have been located in the /SETUP folder of my Avast installation, although I currently cannot find it in there anymore. Perhaps Avast deleted it from there upon issuing the warning? Given the name of the file, it sounds like some program tried to uninstall Avast, although I might of course be wrong.
I have, of course, tried to already search on Google to find further information on my situation, but unfortunately have not found much. The only relevant link I found is the following: https://discuss.elastic.co/t/kv-filter-dont-split-on-field-split-pattern-once/165431, where someone (suspiciously?) seems to want to run a certain command using PowerShell on the aforementioned file. However, given the short excerpt of their code, I cannot come to a conclusion on what exactly it is they tried to do.
I would perhaps have put it aside as a false positive, but the fact that something happened in the location Avast itself was installed in, without my knowledge, seems somewhat worrying.
I would really appreciate any help regarding this, as I am worried that my PC might have gotten infected.
Thank you very much!