Jump to content

I guess my system is infected! :( Powershell.exe


Recommended Posts

Hey there, I need your help!

I have windows 7 installed on my PC. Every time I turn on the system an icon appears in the taskbar which reads C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe.It disappears after a few seconds but it's annoying to see it appear out of nowhere. Is it some malware? I tried getting rid of the icon by checking the startup section in system configuration and disabled the item with command having keyword powershell in it.After restarting system I found that the problem still remains. I again checked the startup services and a new thread with the same powershell process has appeared. That is every time I disable a powershell process a new one is generating.I also ran malwarebytes but it found no threat pertaining to this.

I have attached some files for your reference.

Help me get rid of this icon!

malwrarebytes scan log file.txt

startup.txt

Capture.JPG

Link to post
Share on other sites

  • Staff

Thanks. We will need FRST reports now as an additional check:

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked. option is checked.

    2873ryc.png

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach report into your next reply.

Link to post
Share on other sites

  • Staff

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif


icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

The problem is sorted now!

The icon isn't appearing anymore on turning on the system.Even the startup services don't have a single mention of powershell.exe thing.

Thank you so much :)

Out of curiosity, I would still like to know was it some infection? What was the cause and how did you sort it?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.