Jump to content

Gunblazer42

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Apologies, Aura, for the delay. I unfortunately can't provide you with a log of the detection because when I had first received your message regarding the solution to the problem, it was via the email notification that gets sent to me whenever there's a reply in this thread, which contained the original message of linking to an FRST fix and instructions. I had run the FRST fix immediately before Malwarebytes informed me an update to the definitions was available, after which I had scanned my desktop. When I had clicked the link to this thread to thank you, I saw that you had edited the message to tell me to scan instead. It's not until now that I checked the log of the scan; I mistakenly assumed that the scan had removed the malware but since it's not in the log, I believe that the FRST fix removed it first.
  2. Thanks, Aura, the scan took care of it. Ran the scan Saturday afternoon and I haven't seen Powershell open up since. Thanks a lot!
  3. Hi Aura! Here's the log of the virus scan. I'm really paranoid about this because this is the first time Malwarebytes hasn't completely gotten rid of something so I'm worried this might be a lot worse than I thought. Virus Scan Report.txt
  4. Recently, as of about two or three weeks ago, Powershell started opening up by itself whenever my computer was idle and I wasn't interacting with it. It would typically be about two minutes after I stopped touching anything. I was curious as to why, so I downloaded and installed Malwarebytes and started the trial, and it started telling me that it was blocking Powershell from connecting to an IP address. It's the same as this person's problem. I've attached one of the block reports. I did a couple of scans, including one in safe mode, but Malwarebyes didn't find anything, but continued to block Powershell trying to ping the IP address. I even went so far as to check my FRST logs myself and I indeed found strings in the task manager referring to connecting to the IP address, 5.79.81.161, like that person's issue. It seems that it tries a different port per attempt. Now that my trial is over, Powershell is starting to open up again. I tried to homebrew my own solution, mainly using Windows Firewall to block Powershell from performing outbound connections, but that's probably not good in the long term FRST.txt Addition.txt Report.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.