Question Regarding powershell.exe Attacks?

I've been receiving these alerts and investigating the cause with minimal luck. Talked to support and didn't find a solution, yet. Obviously, there is malicious code on my machine and I can't locate it.

Considering a reformat. Couple of questions. If I pull the ram for 24 hours will that do the trick - as it is supposedly contained in RAM memory. If not, can I do a reformat to eradicate it or do I need a full clean install? AND will that do it. Tried to send a logged report to BD but it didn't work - would that be a better way to go first?

Thoughts from those with a lot more knowledge than myself would be greatly appreciated.

Best.

notescope

Answers

  • Hello @notescope and welcome to the Community!

    We would require a bit more context to be able to advise accordingly. I have noticed that you also have a ticket raised for the Support Teams. They replied to you on December 10th; however, as they haven't received a reply since, the case was closed. Unfortunately, the files were not uploaded in the cloud, according to the engineer's latest response. Should you wish to reopen the case, replying to the latest email received from our engineers will update the ticket and reopen it to continue the troubleshooting process.

    Regards

    Premium Security & Bitdefender Endpoint Security Tools user