Windows PowerShell detected as Malware

Hello.

 

I will be guiding you as we go forward. I do need to see other diagnostic information from this system, so that I can see about pinning down the source of this issue.
I would like to ask that you always attach any report or file I ask for, from time to time.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed, please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just always attach files / reports.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.
  • Removing malware can be unpredictable. It is unlikely, but things can go wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen / flash drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous; please be patient. Often we are also in a different time zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit.
  • As we go along, from time to time, Windows User Account Control (UAC) will prompt whether to allow a tool or procedure to proceed forward. Approve the Windows UAC prompt by clicking on Continue or Yes.

When we are done, I'll give you instructions on how to clean up all the tools and logs.
Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
Your topic will be closed if you haven't replied within 3 days.

 


These steps are for Rothgunnars only. If you are a casual viewer, do NOT try this on your system!
If you are not Rothgunnars and have a similar problem, do NOT post here; start your own topic.

Close all your open work (if any) before starting this next run. This run will do a reboot at the end.

And see about possibly turning off the Avast antivirus before proceeding (just in case it interferes).

 

I am sending a Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the FIXLIST and select SAVE AS and save it directly (as is) in the same general location as where you have FRST64.

Save to the DOWNLOADS folder. Make sure it is not auto-opened in any word processor.



NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.



If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.
 

There is just one task on this machine that autostarts PowerShell. After this run it will be gone.

If you turned off Avast, when all is done, turn it back on.

Fixlist.txt


Sorry, but we need to repeat the procedure. First, delete the old copy on the machine named FIXLIST.txt.

Instead you would use the one attached on this reply.

 

Close all your open work (if any) before starting this next run. This run will do a reboot at the end.

And see about possibly turning off the Avast antivirus before proceeding (just in case it interferes).

 

I am sending a Fix script which is going to be used by the FRST64 tool. They will both work together as a pair.

Please RIGHT-click the FIXLIST and select SAVE AS and save it directly (as is) in the same general location as where you have FRST64.

Save to the DOWNLOADS folder. Make sure it is not auto-opened in any word processor.



NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.



If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.
 

There is just one task on this machine that autostarts PowerShell. After this run it will be gone.

If you turned off Avast, when all is done, turn it back on.

Sorry, we have to repeat the previous procedure, but with the new file I am sending with this reply. First, locate the FIXLIST.txt on your system and delete the old copy.

 

 

 

Fixlist.txt

Edited by Maurice Naggar
added note
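
A read-only way to check the point made in the posts above (a scheduled task that autostarts PowerShell), before and after a fix run. This is an added example, not part of the original thread and not FRST's own logic; the output field names and the two flag heuristics are this example's assumptions.

```powershell
# Read-only audit: list every scheduled task whose action launches PowerShell.
# Nothing is changed or deleted. Run from an elevated prompt to see all users' tasks.
$pattern = '(?i)\b(powershell|pwsh)(\.exe)?\b'

$hits = @(foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Exec actions carry Execute/Arguments; COM handler actions leave them empty.
        $cmdLine = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
        if ($cmdLine -notmatch $pattern) { continue }

        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        [pscustomobject]@{
            TaskPath    = $task.TaskPath
            TaskName    = $task.TaskName
            State       = $task.State
            RunAs       = $task.Principal.UserId
            # Trigger class names, e.g. MSFT_TaskLogonTrigger or MSFT_TaskBootTrigger
            Triggers    = ($task.Triggers |
                              ForEach-Object { $_.CimClass.CimClassName }) -join ', '
            LastRunTime = $info.LastRunTime
            CommandLine = $cmdLine
            # Heuristics only (assumption of this example): they mark entries
            # worth a closer look, they do not prove a task is malicious.
            Encoded     = $cmdLine -match '(?i)\s-e(c|n[a-z]*)?\s'
            HiddenWin   = $cmdLine -match '(?i)\s-w[a-z]*\s+h'
        }
    }
})

$hits | Sort-Object TaskPath, TaskName | Format-List
'{0} scheduled task(s) launch PowerShell' -f $hits.Count
```

Comparing the output saved before the fix with the output after the reboot shows whether the task entry is actually gone.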