Registry type virus / malware run with powershell windows 7


Malware/virus pulled from infected PC

I get this registry on my PC. Every time I log in, PowerShell runs and exits very quickly. Then I look at my C:\Users\[Username]\ folder and some random .exe files have been created. I uploaded them to VirusTotal, and the files are many kinds of viruses (like lokcy, toby or anything else).
I booted with Hiren boot CD to see my registry and export the infected registry. (I cannot delete the infected registry key from Windows 7.)

Please only try to import the registry files on test PC.

virus.rar
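
An added example, not part of either post and not based on the poster's attachment: one way to triage an exported .reg file offline is to list every string value whose data launches PowerShell, together with the key it sits under. The sample export, the value name `xk3` and the function names are constructed for illustration; only quoted string (REG_SZ) values are inspected, and hex-encoded value types are not decoded.

```python
import re

# Constructed sample of a regedit text export; not the poster's file.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"xk3"="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -WindowStyle Hidden -EncodedCommand CONSTRUCTED_PLACEHOLDER"

[HKEY_CURRENT_USER\Software\Classes\.txt]
@="txtfile"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Name is @ (default value) or a quoted string; data is a quoted REG_SZ string.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
POWERSHELL_RE = re.compile(r'powershell', re.I)
# Extra traits worth noting in a report; the abbreviations listed are not exhaustive.
TRAITS = {
    "hidden window": re.compile(r'-(w|win|windowstyle)\s+hidden', re.I),
    "encoded command": re.compile(r'-(e|ec|enc|encodedcommand)\s+\S', re.I),
}

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def find_powershell_values(reg_text):
    """Return (key, value name, traits) for each string value that runs PowerShell."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        if POWERSHELL_RE.search(data):
            traits = [t for t, rx in TRAITS.items() if rx.search(data)]
            findings.append((key, name, traits))
    return findings

if __name__ == "__main__":
    # For a real export: open(path, encoding="utf-16").read() (regedit 5.00 files are UTF-16).
    for key, name, traits in find_powershell_values(SAMPLE_REG):
        print(f"{key} -> {name}: {', '.join(traits) or 'plain powershell call'}")
```
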

:welcome:

Hello Suratkecil.

I will be guiding you as we go forward. I do need to see diagnostic information from this system.
I would like to ask that you always attach any report or file I ask for, from time to time.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed, please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just always attach files / reports.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable. It is unlikely, but things can go wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen / flash drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • As we go along, from time to time, Windows User Account Control (UAC) will prompt whether to allow a tool or procedure to proceed forward. Approve the Windows UAC prompt by clicking on Continue or Yes.


When we are done, I'll give you instructions on how to clean up all the tools and logs.
Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
Your topic will be closed if you haven't replied within 3 days.

Please download Farbar Recovery Scan Tool and save it to your desktop.

You may wind up needing to temporarily turn off your antivirus program IF it interferes with the diagnostic tool-reports listed below.

Right-click on the FRST icon and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.
Windows 8 or 10 users will be prompted about Windows SmartScreen protection - click the More info line on that screen and click the Run anyway button on the next screen.
Click YES when prompted by the Windows UAC prompt to allow it to run.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the disclaimer appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt).
Please attach FRST.txt & Addition.txt along with your next reply.

This topic is now closed to further replies.