powershell.exe malware. How do I remove it?
in Protection
Over the last few days Bitdefender has found 1 attack each day with the following:
powershell.exe
C:\Windows\ System32\WindowsPowerShell\v1.0
(Command line parameters: "C:\Windows\ System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &(env:psmodulepath = [Io.Directory]::GetCurrentDirectory(); import-module AppvClient; Sync -AppvPublishingServer n; [strig]Scontent=[System.Text.Encoding]::UTF8:GetString([System.Convert]::FromBase64String(IO.File]::ReadA||Text(C:Users\Mark Schnegg\AppData\Roaming\logs.txt).Replace('-','')));IEX $content;))
wscript.exe
C:\Windows\System32
conhost
C:\Windows\System32
Disinfection successful: Open quarantine
Any idea what this is? How can I eliminate it?
Thanks
Answers
Kindly drop an email to Bitdefender support at bitsy@bitdefender.com regarding your query. They will reply back ASAP.
Regards
Flex
(Bitdefender beta tester 2019/ 2020)
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
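The command line in the question reads `AppData\Roaming\logs.txt`, removes every `-`, Base64-decodes the rest as UTF-8 and passes the result to `IEX`. The following triage sketch is an added example, not part of the original thread or Bitdefender's tooling: it flags those traits in a logged command line and decodes a quarantined copy of such a file for reading without running it. The function names, the abridged command line and the sample staged text are constructed for illustration.

```python
import base64
import binascii
import re

# Traits visible in the reported command line; patterns tolerate stray spaces.
INDICATORS = {
    "hidden_window": r"-WindowStyle\s+Hidden",
    "appv_proxy": r"Sync\s*-\s*AppvPublishingServer",  # App-V cmdlet named in the report
    "base64_decode": r"FromBase64String",
    "invoke_expression": r"\bIEX\b|Invoke-Expression",
    "reads_appdata_file": r"AppData\\Roaming\\[^\s)]+",
}

def flag_command_line(cmdline):
    """Return the names of the indicators found in a process command line."""
    return [name for name, pattern in INDICATORS.items()
            if re.search(pattern, cmdline, re.IGNORECASE)]

def decode_staged_text(raw):
    """Undo the staging the command line describes (strip '-', Base64-decode,
    UTF-8) and return the text for reading. Nothing is executed."""
    cleaned = "".join(raw.replace("-", "").split())
    try:
        data = base64.b64decode(cleaned, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not dash-obfuscated Base64: {exc}") from exc
    return data.decode("utf-8", errors="replace")

# Abridged from the command line in the question; user name replaced.
REPORTED = r"""powershell.exe -NonInteractive -WindowStyle Hidden
-ExecutionPolicy RemoteSigned -Command &(import-module AppvClient;
Sync -AppvPublishingServer n; FromBase64String(ReadAllText(
C:\Users\<user>\AppData\Roaming\logs.txt).Replace('-',''));IEX $content;)"""

# Constructed, harmless stand-in for the contents of logs.txt.
SAMPLE_PLAIN = "Write-Output 'constructed sample, not the real logs.txt'"
_b64 = base64.b64encode(SAMPLE_PLAIN.encode("utf-8")).decode("ascii")
SAMPLE_STAGED = "-".join(_b64[i:i + 4] for i in range(0, len(_b64), 4))

if __name__ == "__main__":
    print("indicators:", flag_command_line(REPORTED))
    print("decoded   :", decode_staged_text(SAMPLE_STAGED))
```

Run `decode_staged_text` only on a copy taken from quarantine or a backup, and treat the decoded text as evidence to read, not to execute.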