
Trojan Window Powershell Virus


Go to solution Solved by Maurice Naggar,


On June 20th, I went to download a game and all it did was download the installer for it. Nothing came of it and so I uninstalled the program. Since then my wi-fi has been going haywire by saying "Can't connect to network", but the most concerning thing is when I log into my laptop, there is a blue screen that appears with red text. At first, I wasn't entirely concerned about it...until I took the time to READ what it said. I have attached an image to this thread. I have experienced the blue screen of death before in the past in my younger days and haven't downloaded anything for the past 9 years onto my system that I shouldn't have. In a stupid moment on 6/20, I guess I threw my brains out at that split moment, so this happened.

I have read multiple threads regarding this issue, but I want to make sure I receive the specific directions for my laptop. I have a Dell Inspiron 7559 using Windows 10.

I'd appreciate all the help I can get to get this issue resolved. :)

image_6483441 (2).JPG


Hi   :welcome:

My name is Maurice. I will guide you. Just please attach reports / logs onto your Reply as we go along.

Please do all the steps on this basic first-steps.  Attach the logs.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

 

This appears to be possibly a loose javascript file trying some 'thing' with the Edge browser.

 


Hi Maurice!

I almost always use Chrome, unless I search something in the start search bar that opens it in Edge accidentally.

I had already scanned in Malwarebytes and quarantined the issues. I had done this back on 6/21 right away, I guess mostly due to paranoia. Detection History is saying I have 4 total items though the scans only show 3 back from 6/21.

 

image.png

Addition.txt FRST.txt Malwarebytes Threat Scan Report.txt


Thank you. So, according to Malwarebytes for Windows, Trojan.BrowserAssistant.Powershell (3 pieces thereof) were removed to Quarantine. Thus they ought not to be active or present.

Let's do one scan with Malwarebytes Adwcleaner.   Just before pressing that "scan" button, be sure that both Chrome & Edge are Closed.

Let me suggest you do one scan with Adwcleaner to check for adwares. It will not take much time.

First download & save it 

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then do a scan with Adwcleaner 

 

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.  

 

  • Solution

This is the next step, after you are caught up.  This will involve a system Restart.  It should go fairly quickly.

Save this script file named FIXLIST.txt to the Downloads folder.

Fixlist.txt

 

Start FRST64 in the Downloads folder.

Click on FIX button.


 

 You will see a green progress bar start. 

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

 

The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Thank you.   After this, the expectation is that the attempt to run Powershell for the pest BrowserAssistant should be no more.


So before I posted for assistance I attempted to resolve the issue on my own with no luck. So, I did run the AdwCleaner as it was requested in previous threads as I thought that didn't pose a harm to the process of getting rid of the threat. However, now that I think about it, there is probably a specific process to follow. I do want you to know that on the AdwCleaner, after I scanned and quarantined, I did restart my computer, but the blue screen with the red text appeared still. I also had deleted the quarantined items as well, now I'm not sure if that was right or not. I haven't picked up on any malicious threats doing scans since then. I've run the AdwCleaner again just to be safe. Included are the logs from when I did it earlier to show what was found and the deletion process as well from which I restarted my laptop as directed.

I will continue onto the next step and reply with those results.

 

AdwCleaner[S00].txt AdwCleaner[C01].txt


After the restart from running the fix, I DIDN'T see the blue screen when my laptop loaded after sign-in! It typically happened about 10 seconds after sign in. And nothing popped up and then disappeared.

Thank you so, so, so much for all of your expertise!

Is there anything else I should do now that my issue has been resolved?

Fixlog.txt


Good morning. Thank you for the confirmation & the log. The last remains of the pest are gone & your system is good to go.

By the way, "the blue screen" was just a message notice from Windows that it was unable to locate a folder. (The folder & the main parts of the pest had been removed before by Malwarebytes for Windows.)

Your pc is good-to-go.


Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard. 

The Malwarebytes Browser Guard will keep your Chrome & EDGE browser safer. (Install on each.)

See Support article how-to 

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

Note: If your pc has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard.


We can proceed with cleanup of tools we used.

To remove the FRST64 tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to

UNINSTALL.exe

Then run that (double-click on it) to begin the cleanup process.

Adwcleaner you may keep & run on-demand as desired, to look for adwares.

I wish you all the best.

Sincerely.

Maurice


 

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.