Windows 10: How do I get rid of this virus that is located in powershell.exe?

I really don't know or remember anything I downloaded, one day this just kept spamming

:)

 

Help with PowerShell Virus!

Every time that I open windows, PowerShell pops up. I searched and I found that it's a PowerShell virus.

I followed the steps that are listed here,

How to uninstall PowerShell? *Trojan Virus* and Help with PowerShell Virus!

but nothing happened.

Autorun scan log

https://drive.google.com/file/d/178BS66D-qUMc6-UuRO-qFF57HfIy5vmX/view?usp=share_link





Bitdefender after every restart:





I really appreciate any help you can provide.

Windows 10 user

 

How to remove Gallery.exe (Virus)

I've been dealing with a virus named "Gallery.exe," and despite my best efforts, it keeps coming back. I've taken several steps to remove it, including formatting my disk, but it still manages to return. I was able to spot this suspicious exe running in my background, I tried my best to find it's location but it kept opening File Explorer with no signs of that exe. When I opened the exe location using Task Manager it opened 'C:\Users\[username]\AppData\Roaming". I could not see the exe in that location, I somehow opened the exe properties and saw the hidden option on it was greyed out. So I used the command "attrib -h -s /s /d" to unhide the file and then I was able to see it. I deleted the file but then, it kept coming back with every restart. Since then, my windows is going insane, the Windows anti-virus keeps deleting genuine files like, AMD Software, Google Chrome, and windows apps itself. My different apps started behaving weird and all.

What I've Tried So Far:

• Formatting the disk and performing a clean install of the operating system.
  
• Running multiple antivirus and anti-malware scans.
  
• Installing all available Windows updates and patches.
  

Unfortunately, none of these attempts have been successful in permanently removing this pesky virus.

System Information:

• Operating System: Windows 11
  

Specific Questions:

1. Has anyone encountered a similar virus issue and successfully removed it? If so, could you please share your experience and the steps you took?
   
2. Are there any known vulnerabilities or software that "Gallery.exe" may exploit to keep reappearing?
   

I'm open to any advice, suggestions, or guidance you can provide. My goal is to get my computer back to a virus-free state and ensure it remains that way.

Thank you in advance for your help and support. Your expertise is greatly appreciated!

Best regards, Rehan Ramay

 

How do I get rid of Trojan Virus located in my Powershell Application?

Yeah, the whitelist checkboxes need to be enabled. Else, it lists all the entries, including the MSFT entries.

• Download fixlist.txt
  
• Make sure FRST64.exe and FixList.txt are in the same folder.
  
• Launch FRST64.exe and click "Fix".
  
• Post the contents of the output log file (FixLog.txt) here, or upload it to OneDrive.