Showing results for tags 'powershell'.

Found 25 results

  1. Hi, Good day to all. Four days ago, my pc windows defender/windows security was detected Trojan:PowerShell/PsInjection.A as severe threat, example as below: I have scanned through Malwarebytes, but no virus detected. Report as follows: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/10/19 Scan Time: 12:52 PM Log File: d37b26f4-eb19-11e9-a05d-98eecb7ba763.json -Software Information- Version: Components Version: 1.0.627 Update Package Version: 1.0.12833 License: Free -System Information- OS: Windows 10 (Build 18362.418
  2. Dear, forum For the last couple of days, I have had a MBAE popup saying it has blocked an exploit attempt on Powershell. It pops up every 20 minutes. I have run RogueKiller, which only found an issue with Hola VPN (which I have now removed). I also tried to turn off Powershell in "Control Panel > Programs and features > Turn Window Features On and OFF". This did not help. I have Windows 10. I use Windows Defender as virus protection. The MBAE build is After reading several posts, it seems to me that there is no one-fix-that-works-for-everyone. So I'm turni
  3. Hello, i have problem with powershell.exe it slow down my pc, but i dont know what to do to delete him, can anybody help me please? I saw few topics and i installed frst64 in attach are logs. Thank you. Addition.txt FRST.txt
  4. Back on August 17, I installed Malwarebytes on my machine since I was having performance issues. The scan found 16 threats on my PC, and removed them as such. Even after this scan though, and several others, Windows Powershell is still performing some suspicious activity. Malwarebytes will occasionally notify me of an outbound connection to "wentz.pw" that Powershell keeps attempting to make. This is classified as "riskware", but I'm concerned since I can't get rid of it. Attached is the log for the most recent connection attempt. blocklog.txt
  5. Every time I restart my PC, I get a notification from Malwarebytes that a 'website was blocked due to malware'. It claims to be an outbound connection affecting the file 'powershell.exe'. The website is f.top4top.net. Malwarebytes identifies this as malware but it is not a program I can remove and I have never visited that website. I'm looking to sort out whatever the issue may be here. The logs can be found below. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/8/18 Protection Event Time: 4:25 PM Log File: 137327b6-82ed-11e8-8c03-1c1b0d993f99.json
  6. Hi Malwarebytes support, My windows 10 was affected by adware/malware and I have used malwarebytes to remove most of it. However, there' still one malware that can't be removed by malwarebytes. Whenever I startup my windows a powershell cmd appears for a brief second and disappears. I took a screenshot for your reference (refer to attached). It appears to be a powershell command that executes new-object net.webclient.downloadstring(URL). Malwarebyte then detects a malware found at the location c:\windows\winime.exe and quarantines it. Sometimes a myexe.exe malware is also found. Hence i r
  7. I have PowerShell on windows server 2008 R2 using cpu 100% and I have attach file: Addition.txt and FRST.txt help analyze. I hope to get help with this issue. Thanks you, Oatstate Addition.txt FRST.txt
  8. Hello I have been having an issue with our server at work recently and cant get to the bottom of it. Two Powershell windows keep opening in the background running a script one of which consuming a lot of CPU power. I can end the task or suspend the process but it always returns. This machine hosts a domain and several users log into this server via remote desktop on the default port 3389 These are the scrips - the first one is the one using 70% of the CPU - the second one always appears first "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -N
  9. I should thank to Malwarebytes to remove the Ransomware from my PC. unfotunately, it doesn't fix my computer completely. i read a post so i run the same thing like it was told. please help me to analyze my FR i should fixST and Addition file reported by farbar recovery tool. what i should do next? Addition.txt FRST.txt
  10. Hi my name is win. My computer platform is Windows 10 Yesterday My powershell started appearing on my taskbar, just popping up before promptly disappearing. I was suspicious but up to date Avast and Malwarebytes scans didn't find anything so I assumed it was just a dodgy Windows update or something. So I run Farbar Recovery Scan Tool and RogueKiller according to the topic below. I have seen the topic below but i don't know if there are a different between me and him. So i decide to ask you for your advice. I have attached my result here below. Than
  11. Hi! Im basically having the same exact problem as this guy: After powershell runs, Malwarebytes scans and finds the same three PUP's. I keep deleting them, but powershell keeps putting them back on my computer. I don't know what to do about it and I don't want to mess with the registry logs without an experts assistance. Please Help! The Pup files.txt
  12. So I've posted before about some odd happenings and never really found a solution but think I got a little closer. In my event logs, I have several power shell events like pshell console starting a server (among other things), Multiple WMI services starting, and browser redirects. Nothing has ever been found by Win defender or MBAM Premium (I really don't feel like they're working - on the surface they seem to working fine but I think it's an illusion). Hitman Pro did find a file Win32.Droma.abdb (first malicious file I've ever found) and that led me to googling that and found this article.
  13. Hi, so as the title states, Windows Powershell opens up maybe three or four times a day in the background and then quickly shuts itself down after a second. I haven't really seen any negative side effects from this, but it's starting to get annoying. I have run Malwarebytes scan but it has returned 0 identified threats. Are there any recommended options? Thank you!
  14. Every time I turn on my computer and start doing stuff, a windows powershell cmd pop up for a few seconds and then dissapear. I then start runing Malwarebytes and I find 5 Potentially Unwated Programs related to it. I put them on Quarantine and restart, and then everything start all over again. How do I get rid of whatever PowerShell is doing?
  15. Hi As stated from the title above, there is a suspicious program I've found in the startup as attached in the startup.txt named "{FB744D93...". I've tried to disable, and also removing it but nothing works. It is still there everytime upon laptop startup. It starts to behave like this after my brother inserted his flash drive into my laptop There is a topic that is more likely the same (if I'm not mistaken) that has been posted yesterday. Thus I have attached all the required files. Thanks in advance! Addition.txt FRST.txt regexport.txt startup.txt
  16. Iv got this really annoying problem with powershell.exe, sometimes i cant even access any internet domain and it doesnt let me update the antivirus (ESET). The powershell.exe starts up with windows and nothing that i did could prevent it from doing so, iv scanned this pc with Malwarebytes, RougueKiller, ZHPCleaner, ADWcleaner, Spyware and Farbar, but none of those found anything, besides rouguekiller, but the files it deleted came back as soon as the pc restarted. Im trully lost in this one, pls help Here are the logs from the scans iv ran Addition.txt FRST.txt JRT.txt
  17. I wrote a Powershell script that uploads and downloads files through FTP. The script is located on a server, and 5 computers have shortcuts that point to the script. Anti-Exploit is running on all computers and managed through the Management console on the server. One of the computers occasionally blocks this file and identifies it as an exploit. ("Exploit Payload process blocked"). Once the computer is restarted or anti-exploit is restarted, we don't have issues for days at a time. The issue ONLY occurs on this specific computer, and only sporadically.
  18. First time asking for help. For awhile(past week or so) now Powershell pops up for a sec in my taskbar, then Malwarebytes give me a popup saying that it blocks off some connection from forallshop.info, usually at 12:09 P.M. and 8:09 P.M. it also does this every day, though it has skipped a days once in awhile. My primary security is Mcafee. I've run Malwarebytes, the Malwarebytes adware cleaner, Anti-rootkit, and Junk Removal tool, I've also ran Zemana, Hitmanpro, and Sophos Virues Removal Tool. Any advice?
  19. Hi, I posted something similar a few weeks back but got no response. I think my computer is infected with malware that uses windows powershell to execute. I have Malwarebytes Premium and every now and then it blocks the domain 'tablezip.info'. It's persistent and every time I attempt to scan and remove it, it reappears after a few days and I get pop-ups and malicious adware. Any help removing would be greatly appreciated. Addition.txt FRST.txt
  20. Last week i wasn't able to use my internet banking due to the https certificate not being recognized. At the same time, some websites would not load, and Chrome kept saying i wasn't connected to the internet - which i was, as pages loaded normally on my phone. I reset my router to factory setting and reconfigured the network settings to no avail. It was only then that i found that my LAN is set to a proxy server on Once i unchecked that, everything was fine, but that option gets checked again (with a different port) everytime i reboot. As i was snooping around my active p
  21. I have been having this issue for a while now, powershell exe keeps appearing on my taskbar out of nowhere. Absolutely nothing changes on my screen but I just see it appear and disappear in a few seconds every now and then. I read up online and found scary things like ransomware and locked files and what not, so I decided to try out a bunch of online methods to get rid of it. Initially I had AVAST, but since that wasn't detecting anything I uninstalled it and got the free version of AVG, which detected the powershell exe file trying to connect to a website "camel support" but I couldn't do any
  22. So in the past 1-2 months an icon of Windows Powershell appeared randomly and soon after disappeared from my task bar. A few weeks later I started getting Avast warnings that some threat named Camel host had been blocked, so I did a few scans both on Avast and Malwarebytes but nothing came up, then the warning popped up again. Furthermore the "virus" doesn't seem to affect anything and I don't mind removing Windows Powershell if removing it doesn't have any major consequences.
  23. Hey, new user on the malwarebytes forums here. Ok, so I scanned my computer with malwarebytes, and it detected "PUP.Optional.PowerShellSP" And that's ok, I mean it's just one threat right? But I started checking the actual registry key, and this MF is actually running powershell, which runs (binary?) code stored in my registry. Does anyone want to check what the code was doing? Here's the registry entry that malwarebytes detected: "{F119BFAB-D0C9-4E62-9DCF-7923777499B1}"="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -noprofile -windowstyle hidden -exe
  24. Hi all, I have something that is creating pop-ups, randomly through out the day, opens chrome and directs to a money making scam site or the like. Malwarebytes blocks it, and gives the following log. I can't figure out how to stop it, remove it, etc. Any help appreciated. Thanks. Malwarebytes Anti-Malware www.malwarebytes.org Detection, 2/12/2016 1:16 AM, SYSTEM, KONSEPT-LAPTOPM, Protection, Malicious Website Protection, Domain,, beautyfile.info, 61990, Outbound, C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Detection, 2/12/2016 1:16 AM, SYSTEM, KONSEPT
  25. I have been using Norton Security for Comcast and current version of Malwarebytes. Norton tells me it has blocked an attack by: System infected: Trojan.Powelik Activity. Same thing for Trojan.AdClicker Activity. I'm also notified that PowerShell has stopped working and High Memory usage by Com Surrogate. I'm using Windows 7 Home Premium 64 bit operating system. My system is working at a snails pace, any help would be greatly appreciated. Thanks, Steven