Windows 10: Is my windows powershell also infected?

Discussion in 'AntiVirus, Firewalls and System Security' started by Clark_y, Aug 25, 2020.

  1. Clark_y Win User

    Is my windows powershell also infected?


    My friend was using my laptop and he clicked on a Microsoft Word file, and Windows Defender said that it was a threat, so immediately we scanned it. He did not open the Word file, and I deleted the Word file as well as the stated affected file in Windows Defender.


    Here's the status in the protection history

    [Screenshot of the protection history]


    After that I decided to check event viewer to see what was going on and I saw this in the log:


    Windows Defender Antivirus has detected malware or other potentially unwanted software.

    For more information please see the following:

    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Emotet.ARJ!MTB&threatid=2147747854&enterprise=0

    Name: Trojan:Win32/Emotet.ARJ!MTB

    ID: 2147747854

    Severity: Severe

    Category: Trojan

    Path: file:_C:\Users\Mom Dad\AppData\Local\Temp\oFFIce2019\R_o2c8hj4.exe

    Detection Origin: Local machine

    Detection Type: Concrete

    Detection Source: Real-Time Protection

    User: LAPTOP-H1FST728\Mom Dad

    Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

    Security intelligence Version: AV: 1.321.2085.0, AS: 1.321.2085.0, NIS: 1.321.2085.0

    Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4


    I see in the Process Name that it's PowerShell? Does that mean it's infected? Another warning states that the Process Name was unknown:

    Windows Defender Antivirus has detected malware or other potentially unwanted software.

    For more information please see the following:

    https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Emotet.VC!MTB&threatid=2147757854&enterprise=0

    Name: Trojan:Win32/Emotet.VC!MTB

    ID: 2147757854

    Severity: Severe

    Category: Trojan

    Path: file:_C:\Users\Mom Dad\AppData\Local\Temp\oFFIce2019\R_o2c8hj4.exe

    Detection Origin: Local machine

    Detection Type: Concrete

    Detection Source: System

    User: LAPTOP-H1FST728\Mom Dad

    Process Name: Unknown

    Security intelligence Version: AV: 1.321.2085.0, AS: 1.321.2085.0, NIS: 1.321.2085.0

    Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4


    What should I do? I also hope I can solve this "remediation incomplete" problem in protection history.

    :)
     
    Clark_y, Aug 25, 2020
    #1
  2. bruinator Win User

    steps taken for infected Pc's.


    I was hoping someone could give me a list of step by step instructions you use as a guide to clean virus, malware...etc. so I can keep my PC clean if it gets infected.

    thx
     
    bruinator, Aug 25, 2020
    #2
  3. Kursah Win User
    PowerShell instead of Commandline in Creators Update

    Interestingly enough my personal laptop just got the update...and still has Command Prompt listed, not PowerShell...

    Edit: Not that it matters...I use both regularly. *Toast :toast:
     
    Kursah, Aug 25, 2020
    #3
  4. Mark Isi Win User


    PowerShell randomly popping up in tool bar

    Hello,

    Just to verify, do you have any scheduled tasks that use PowerShell? Scheduled tasks make a PowerShell window appear periodically on your computer, therefore we suggest that you check the Task Scheduler. Here are the steps:

    • Click on Start.
    • In the search bar, type Task Scheduler and click on Task Scheduler in the results.
    • Under Active Tasks, check for any tasks that use PowerShell and the scheduled time.

    If the issue still persists, we suggest that you run a Windows Defender scan to see if it will pick up any malware that the first scan missed.

    Let us know the outcome.
     
    Mark Isi, Aug 25, 2020
    #4
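
The Task Scheduler check described in reply #4 can also be run from an elevated PowerShell prompt, which lists every task at once instead of browsing the GUI. The script below is an added example, not part of the original thread; the two regular expressions (which command lines count as "uses PowerShell", and which ones deserve a closer look) are assumptions chosen for illustration.

```powershell
# Added example: list scheduled tasks whose actions launch PowerShell.
# Run elevated so that tasks registered by other accounts are visible too.

# Assumption: matches powershell.exe, pwsh.exe, or wrappers like "cmd /c powershell ...".
$usesPowerShell = 'powershell|pwsh'

# Assumption: traits worth a manual look, such as an encoded command, a hidden
# window, or a script under a user-writable folder like the Temp path in the alert.
$reviewHints = '-enc|-windowstyle\s+hidden|\\AppData\\|\\Temp\\'

$hits = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute/Arguments properties; skip them.
        if (-not $action.PSObject.Properties['Execute']) { continue }

        $commandLine = "$($action.Execute) $($action.Arguments)"
        if ($commandLine -notmatch $usesPowerShell) { continue }

        # Run times live in a separate object; it may be unavailable for some tasks.
        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Task        = $task.TaskPath + $task.TaskName
            State       = $task.State
            Author      = $task.Author
            RunAs       = $task.Principal.UserId
            LastRun     = $info.LastRunTime
            NextRun     = $info.NextRunTime
            Review      = [bool]($commandLine -match $reviewHints)
            CommandLine = $commandLine
        }
    }
}

# Tasks flagged for review first, then alphabetical by task path.
$hits | Sort-Object @{ Expression = 'Review'; Descending = $true }, Task | Format-List
```

A task with `Review : True` is not necessarily malicious; it only means the command line should be read in full and compared with software the owner knowingly installed.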