Exouxas

  1. Is there a way to make the script output $GWZNUIECUEHLSMGRMU into a text file instead of executing it? Maybe that would help to see what the script does?
  2. Here we go, got the registry folder for HKCU\Software\Classes\HCOVLIORJR. I checked what programs got started when I run powershell with those arguments manually, and it starts SVCHost each time. Hope someone will be able to find out what this actually is/does. I think this might be residue from a virus that I got from a Thai colleague. It got transmitted through a memory stick by putting all files within a hidden folder and making an "infected" shortcut to the folder. But I'm not sure if it's from that time or if it's something else entirely. reg.zip
  3. Hey, new user on the Malwarebytes forums here. Ok, so I scanned my computer with Malwarebytes, and it detected "PUP.Optional.PowerShellSP". And that's ok, I mean it's just one threat, right? But I started checking the actual registry key, and this MF is actually running powershell, which runs (binary?) code stored in my registry. Does anyone want to check what the code was doing? Here's the registry entry that Malwarebytes detected: "{F119BFAB-D0C9-4E62-9DCF-7923777499B1}"="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -noprofile -windowstyle hidden -exe