Jump to content

Recommended Posts

Every time I turn on my computer and start doing stuff, a windows powershell cmd pop up for a few seconds and then dissapear. I then start runing Malwarebytes and I find 5 Potentially Unwated Programs related to it. I put them on Quarantine and restart, and then everything start all over again. How do I get rid of whatever PowerShell is doing?

Malware PowerShell.jpg

Link to post
Share on other sites
  • Root Admin

Hello @Giancarlo84 and :welcome:

 

Please start an elevated Admin level Command Prompt and type the following exactly and press the Enter key after each line.

SCHTASKS /Query /FO LIST /V >"%USERPROFILE%\Desktop\MyScheduledTasks.txt"

reg export "HKEY_CURRENT_USER\Console" "%USERPROFILE%\Desktop\MyConsoleSettings.txt" /y

Then locate on your desktop the file MyScheduledTasks.txt and MyConsoleSettings.txt  then attach them back on your next reply and I'll take a look and see what's going on.

Thank you

Ron

 

Link to post
Share on other sites
  • 2 weeks later...
On 6/28/2017 at 2:28 PM, AdvancedSetup said:

Hello @Giancarlo84 and :welcome:

 

Please start an elevated Admin level Command Prompt and type the following exactly and press the Enter key after each line.

SCHTASKS /Query /FO LIST /V >"%USERPROFILE%\Desktop\MyScheduledTasks.txt"

reg export "HKEY_CURRENT_USER\Console" "%USERPROFILE%\Desktop\MyConsoleSettings.txt" /y

Then locate on your desktop the file MyScheduledTasks.txt and MyConsoleSettings.txt  then attach them back on your next reply and I'll take a look and see what's going on.

Thank you

Ron

 

Did you got the attachments Ron?

Link to post
Share on other sites
  • Root Admin

Hi there and sorry for the delay @Giancarlo84

I thought that I did reply before I left. I would like to get a set of FRST logs please.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Ron

 

Link to post
Share on other sites
  • 2 weeks later...
On 7/10/2017 at 4:49 PM, AdvancedSetup said:

Hi there and sorry for the delay @Giancarlo84

I thought that I did reply before I left. I would like to get a set of FRST logs please.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Ron

 

 

Addition.txt

FRST.txt

Link to post
Share on other sites
  • Root Admin

Please download the attached file hkcu_console_fix.zip and save it to your computer. Then, locate the file and open it and double-click on the Registry fix inside and let it merge into the Registry to remove the bad entries created by this threat.

hkcu_console_fix.zip

Next, run the script fix below to fix the other portion of this threat.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Then after both fixes, restart the computer and then open Malwarebytes and run a Threat Scan and post back that log too.

Thanks

Ron

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.