apachewolf956 Posted October 23, 2022 ID:1538956

I recently started having this problem where PowerShell pops up for a second and then closes because of my security suite. I've done 2 deep scans on 2 different programs and I can't find any problem files. When I look up the exploitw32 on Google it doesn't provide me with a for-sure answer if it is a false positive or malware. I really don't want to format my laptop just to make this go away. I appreciate all the help.

1PW Posted October 23, 2022 ID:1538963

Hello @apachewolf956:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run one or more of its following procedural steps, please carefully follow the instructions within the following:

I'm infected - What do I do now?

Remember, please be certain to attach (not Copy and Paste) the three (3) resulting report files in your next reply to this topic. Thank you.

Maurice Naggar Posted October 23, 2022 ID:1538964

Hello @apachewolf956

Please do as suggested above. And following that, also do this antivirus/anti-malware scan.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be. Once you see it has started, take a long long break; walk away.

Do not pay credence if you see some intermediate early flash messages on screen display. The only thing that counts is the End result at the end of the run. Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those. We only rely on the end result that is on the log-report-file.

This is likely to run for many hours (depending on number of files on your machine & the speed of hardware).

The log is named MSERT.log. The log will be at Windows\debug\msert.log

Please attach that log with your reply. We will do more later.

Edited October 23, 2022 by Maurice Naggar

apachewolf956 Posted October 23, 2022 Author ID:1539000

Here are the 3 files. I also added a screenshot of the application being blocked by my security suite.

Addition.txt
FRST.txt
msert.log

Maurice Naggar Posted October 24, 2022 ID:1539012

Much thanks for the reports. The Microsoft Safety Scanner found no virus, no trojan, no malware.

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sun Oct 23 18:25:36 2022

As to the message-window about "powershell block", it is from the Security Suite by F-Secure. Something which I have no experience with.

But anyhow, IF you did not pay for a license for IObit Malware Fighter then I would like for you to Uninstall it. Then do a Windows Restart.

I will have more for you to do later.

Maurice Naggar Posted October 24, 2022 ID:1539019

Found the malware that is triggering the "powershell" alarm by F-Secure. It is an obscure and highly obfuscated scheduled task. These procedures below will remove it, plus, the custom fix-run will do some checks of the system for integrity and for malware remnants.

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article. Please use this Guide.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe on the Downloads folder to run a custom script. This custom script is for Apachewolf956 machine only / for this Windows 10 Pro machine only.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

Fixlist.txt <<< - - - -

Then, start the Windows Explorer and go to the Downloads folder. RIGHT click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool, click the line More info on that screen and click the button Run anyway on the next screen.

On the FRST window: Click the Fix button just once, and wait. 👈

Look on Downloads folder for FIXLOG.txt. ATTACH that file with next reply for my review.

apachewolf956 Posted October 24, 2022 Author ID:1539124

OK, I'll go ahead and remove the IObit Malware Fighter. I had downloaded this to help with this problem. But before I continue with your steps, I used the Malwarebytes free software to do a scan on my laptop and was able to remove various files, and I haven't had that pop-up yet.

Maurice Naggar Posted October 25, 2022 ID:1539248

Alright. But, do proceed forward and do what I last outlined, and post back the Fixlog.txt for review. We have more to do.

apachewolf956 Posted October 25, 2022 Author ID:1539304

OK, here is the fixlog. What is next?

Fixlog.txt

Maurice Naggar Posted October 26, 2022 Solution ID:1539367

That run is most beneficial. We've removed more threats. Now, a new scan.

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers are Closed. It will not take much time.

First download & save it: guide & download link

Then be sure to close all web browsers after the download & before launching the tool. Then go to where the EXE file is saved. Start Adwcleaner.

Then do a scan with Adwcleaner: Guide article

Attach the clean log from Adwcleaner when all completed.

apachewolf956 Posted November 1, 2022 Author ID:1540190

AdwCleaner[S00].txt

Sorry this took a while to get back to you. I move around a lot for work.

AdwCleaner[C00].txt

Maurice Naggar Posted November 1, 2022 ID:1540207

Hello. That is a very good cleanup by Adwcleaner. Tell me, how is the situation at this point?

I would recommend getting a readout report as to update status of some key apps.

Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

apachewolf956 Posted November 1, 2022 Author ID:1540224

Everything looks good. I haven't had any popups or unwanted apps being blocked, so everything seems back to normal.

Maurice Naggar Posted November 1, 2022 ID:1540231

That is good to know. Still, run that tool so I can review its report.

Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Maurice Naggar Posted December 6, 2022 ID:1544565

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you