![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Hi,
It could be false positive and incorrect detection .
Since the message is from Avast, I advise you to contact Avast's support.
Have a look at Home | Official Avast Support.
Hello, so I have little problem with virus.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
My avast is popping up with text : IDP.HELU.CMD.Generic23 ( I wanted to include screenshot but it doesnt work)Also it is located in C:\Windows\System32\WindowsPowershell\v1.0\powershell.exeI tried running tests with Avast and Malwerbytes but they dont detect anything
Can you please help
Edit: I took a photo of it
Windows for home | Windows 11 | Security and privacy
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
Answer accepted by question author
3 additional answers
Sort by: Most helpful
-
_AW_ 67,261 Reputation points Volunteer Moderator2025-02-08T10:47:54+00:00 Your Windows installation is malware free so I assume it's a false positive as Reza mentioned.
If you'd like to investigate what triggers the Avast detection, we could use a Process Monitor capture.
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
If you'd like to pursue this, please let me know how often these detections occur and if any occur soon after system boot.
The filter used in procmon and what events are captured will depend on how long it will have to capture before the detection.
-
_AW_ 67,261 Reputation points Volunteer Moderator
2025-02-07T22:50:24+00:00 This could well be a script based malware. If you'd like your PC checked, please run a scan with Farbar Recovery Scan Tool (FRST) and share your logs.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Note: If you are using Edge, SmartScreen may initially block the download.
Click on the three dots next to the warning and select Keep => Show more => Keep anyway.
- If your computer's language is not English, rename FRST64.exe to FRST64English.exe
- Run the tool, leave the default settings, and press Scan.
- Zip the logs, FRST.txt and Addition.txt, then upload to a cloud storage service like OneDrive, Google Drive or gofile.io
- Post the share link.