
My Powershell got infected



Hi, my name is win. My computer platform is Windows 10.

Yesterday my PowerShell started appearing on my taskbar, just popping up before promptly disappearing. I was suspicious, but up-to-date Avast and Malwarebytes scans didn't find anything, so I assumed it was just a dodgy Windows update or something.

So I ran Farbar Recovery Scan Tool and RogueKiller according to the topic below.

I have seen the topic below, but I don't know if there is a difference between me and him. So I decided to ask you for your advice.

I have attached my result here below.

Thank you very much :) for your kind help.

FRST.txt

Addition.txt

RoKiller.txt


  • Root Admin

Hello @korawich and :welcome:

 

Please start an elevated Admin level Command Prompt and type the following exactly and press the Enter key after each line.

 

SCHTASKS /Query /FO LIST /V >"%USERPROFILE%\Desktop\MyScheduledTasks.txt"

reg export "HKEY_CURRENT_USER\Console" "%USERPROFILE%\Desktop\MyConsoleSettings.txt" /y

Then locate on your desktop the files MyScheduledTasks.txt and MyConsoleSettings.txt, then attach them back on your next reply and I'll take a look and see what's going on.

Thank you

Ron
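
One way to triage the MyScheduledTasks.txt export requested above, as an added example that is not part of the original thread or the helper's own tooling: it parses the `schtasks /Query /FO LIST /V` layout and lists tasks whose command line shows traits worth reviewing. The check names, patterns and sample records are constructed assumptions, and the field names are those of the English-locale output.

```python
import re

# Reasons to look closer at a "Task To Run" value; none is proof of infection.
CHECKS = {
    "script host": re.compile(r"\b(powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b", re.I),
    "hidden window": re.compile(r"(?<!\S)-w\w*\s+hidden\b", re.I),
    "encoded command": re.compile(r"(?<!\S)-e\w*\s+[A-Za-z0-9+/=]{16,}", re.I),
    "policy bypass": re.compile(r"(?<!\S)-ex\w*\s+bypass\b", re.I),
    "user-writable path": re.compile(r"\\(AppData|Temp|Users\\Public)\\", re.I),
}

def parse_tasks(text):
    """Split `schtasks /Query /FO LIST /V` output into one dict per record."""
    records, current = [], {}
    for line in text.splitlines() + [""]:
        key, sep, value = line.partition(":")  # first colon only; values hold C:\ paths
        if sep:
            current[key.strip()] = value.strip()
        elif not line.strip():                 # blank line ends a record
            if "TaskName" in current:          # drops folder-only header blocks
                records.append(current)
            current = {}
    return records

def triage(text):
    """Return (task name, command, reasons) for each task that trips a check."""
    findings, seen = [], set()
    for rec in parse_tasks(text):
        ident = (rec["TaskName"], rec.get("Task To Run", ""))
        reasons = [name for name, rx in CHECKS.items() if rx.search(ident[1])]
        if reasons and ident not in seen:      # a task is listed once per trigger
            findings.append((ident[0], ident[1], reasons))
        seen.add(ident)
    return findings

# Constructed sample (abbreviated records), not the thread's attachment.
SAMPLE = r"""
Folder: \
HostName:      DESKTOP-EXAMPLE
TaskName:      \ExampleUpdater
Task To Run:   powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -File C:\Users\win\AppData\Roaming\example\run.ps1

HostName:      DESKTOP-EXAMPLE
TaskName:      \Microsoft\Windows\Defrag\ScheduledDefrag
Task To Run:   %windir%\system32\defrag.exe -c -h -o -$
"""

for name, command, reasons in triage(SAMPLE):
    print(name, "->", ", ".join(reasons))
```

A flagged task is a prompt to inspect its action and author, since legitimate software also schedules PowerShell scripts.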


  • Root Admin

You have an old compromised version of Java on your computer. Please uninstall all versions of Java from your Control Panel, Programs, Add/Remove.

Please save this attached zip file to your computer. Extract the registry file inside to a folder or desktop where you can find it.

hkcu_console_fix.zip

Inside the zip is the file:  hkcu_console_fix.reg

Find that file and double-click on it to fix the registry entry that is part of the issue of causing the PowerShell command problem.

 

Next,

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

Then after the reboot, run Malwarebytes, check for updates, run a Threat Scan and post back that log.

Thanks


  • 2 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!
