Jump to content

Issue with Microsoft Powershell opening on it's own from the taskbar?


Recommended Posts

Hello there,

So last Thursday, I got a virus on my computer and swiftly brought it to Geek Squad to help clean up and fix, since I have protection with them. When I got it back the problems seemed resolved, but now a new one has appeared, that was not an issue before. Every now and then Microsoft Powershell will randomly appear on my task bar, causing me to have any full screen things minimized, but I won't be able to open Powershell in a larger window to see what it is doing. However if I close it through right clicking close on my taskbar, it goes away. But when I see things like powershell or system32 in the top bar on the minimized version of powershell, I get worried, and since this is right at the end of recovering from a virus, I'm feeling extra cautious and paranoid. Upon google searching, seems this has been a problem with some pcs, but all the ways to resolve the situation are different, and then I found this forum and a similar answer, but the staff member cautioned the solution might only be applicable to the original topic poster. Seeing Malwarebytes frequently mentioned in the google searches as a good way to remove malware, I downloaded it and cleaned my computer up a bit, however I did not touch or quarantine files that said "Potentially Unwanted Product." I quarantined the files labeled as "Malware", but when the problem of Powershell opening randomly on my taskbar again came today, I then made sure to delete the quarantined "Malware" files a few minutes ago. I haven't touched or quarantined the "Potentially Unwanted Products" in case they might break something on my laptop. I know that with Spybot Search and Destroy if you removed 'n-case files', it would cause problems to your computer, why I'm airing on the side of caution here. Is the problem perhaps in these "Potentially Unwanted Products" that I have 69 of? Or could the problem perhaps be something else entirely? Thanks.

Link to post
Share on other sites

Hello Serge,

Malwarebytes log shows "No Action Taken" against all found entries, can you run again and quarantine all found entries.... When complete run FRST again..

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"


Thanks,

Kevin

Link to post
Share on other sites

Key Kevin,

Indeed, that would be right, like I said before, I was rather wary to quarantine the 69 "Potentially Unwanted Products" in the event that (like with Spybot Search and Destroy and it's 'n-case' files that you shouldn't delete, despite coming up as spyware, or else it would mess up some of your computer's functions), one or more of these files may actually be a major function for my laptop. I did however quarantine and delete the malware that was scanned a few days ago, don't know why that didn't show up in the log. Regardless, following your advice, I quarantined the remaining 69 "Potentially Unwanted Products" files and saved their logs over the previous ones and have posted the updated txt files for you. Thanks.

Addition.txt

FRST.txt

MalwareBytes Log.txt

Edited by Serge8888
Link to post
Share on other sites

Files are quarantined so if an entry is moved by mistake (false positive) we can dequarantine and put it back.... Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on user posted image icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Post those logs, also let me know if there are any remaining issues or concerns.....

Thank you,

Kevin...

 

 

fixlist.txt

Link to post
Share on other sites

Hey Kevin,

Thank you for your thorough reply and sorry I'm getting back to you so late, had a busy work schedule this past week and as a bartender my hours aren't always the most convenient. Finally got around to installing and running all the programs you listed, attached below are the 4 logs you asked for, the fixlog, the Zemana log, the adwcleaner log and the MSRT log. Thanks.

Fixlog.txt

Zemana Log 2017.10.27-16.41.56-i0-t92-d3.txt

AdwCleaner[C0] Log.txt

Microsoft Windows Malicious Software Removal Tool Log.txt

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.