dzseti

Members
  • Content Count

    13
Community Reputation

0 Neutral

About dzseti

  • Rank
    New Member

  1. Here are the results: msert.log mbst-grab-results.zip ASUS-ZENBOOK-JT.zip
  2. Hi Maurice, I'm still getting the blocking messages. Would be nice to find out what is causing the use of powershell.exe. Presumably it would be possible to log this somehow. J
  3. Here are the details:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 18/09/2020
     Protection Event Time: 19:39
     Log File: da6e94ac-f9d5-11ea-8512-acfdce966891.json

     -Software Information-
     Version: 4.2.1.89
     Components Version: 1.0.1045
     Update Package Version: 1.0.30039
     Licence: Premium

     -System Information-
     OS: Windows 10 (Build 19041.508)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Malware
     Domain: m0m09983.hldns.
  4. Hi Maurice, nothing to check in Downloads, which I clear out almost daily. Ran RogueKiller, but nothing found (see attached). And yes, connections to that IP / domain name are still being blocked. roguekiller.txt
  5. I've run the fix script - results attached in log file. I've also removed Firefox, which I haven't used for a long time anyway. Thanks for all your help 😀 Fixlog.txt
  6. Every hour or so powershell.exe tries to connect to a Russian domain and is blocked by MB. I have scanned and not found any malware; have also run Farbar and have the frst.txt and addition.txt files; and have run the adware cleaner (log attached). What steps do I take next to identify what is using powershell.exe? FRST.txt Addition.txt AdwCleaner[C00].txt