Windows 10: Powershell malware

Discus and support Powershell malware in AntiVirus, Firewalls and System Security to solve the problem; One week ago. i had a powershell pop up and disappears within moments and takes 2gb ram usage malware for sure. i had nod32 app to clean my C:/ drive... Discussion in 'AntiVirus, Firewalls and System Security' started by Ali_FloppaFan, Feb 11, 2024.

  1. ALI_FLOPPAFAN
    Ali_FloppaFan Win User

    Powershell malware


    One week ago. i had a powershell pop up and disappears within moments and takes 2gb ram usage malware for sure. i had nod32 app to clean my C:/ drive and now the powershell pops up and disappears but nothing on task manager all safe but this keep happening so i ran autoruns64 app and saw this check photo. does it have something to do with it? i asked copilot ai but didn't give me a good answer for it. BTW: Task schedular didn't seem to have anything with powershell!

    :)
     
    Ali_FloppaFan, Feb 11, 2024
    #1
  2. MARK ISI
    Mark Isi Win User

    PowerShell randomly poping-up in tool bar

    Hello,

    Just to verify, do you have any scheduled tasks that uses Powershell? Scheduled tasks makes Powershell window appear periodically on your computer, therefore we suggest that you check the Task Scheduler. Here are the steps:

    • Click on Start.
    • In the search bar, type Task Scheduler and click on

      Task Scheduler       in the results.
    • Under Active Tasks, check for any tasks that use Powershell and the scheduled time.

    If the issue still persist, we suggest that you run a Windows Defender scan to see if it will pick up any malware that the first scan missed.

    Let us know the outcome.
     
    Mark Isi, Feb 11, 2024
    #2
  3. KURSAH
    Kursah Win User
    PowerShell instead of Commandline in Creators Update

    Interestingly enough my personal laptop just got the update...and still has Command Prompt listed, not PowerShell...

    Edit: Not that it matters...I use both regularly. *Toast :toast:
     
    Kursah, Feb 11, 2024
    #3
  4. GINO DES
    Gino Des Win User

    Powershell malware

    Windows powershell randomly popping up.

    Hi Fabian,

    Scheduled tasks that use Powershell can cause the Powershell window to appear periodically on your computer. We suggest that you check the Task Scheduler.

    • Click on Start.
    • In the search bar, type Task Scheduler and click on
      Task Scheduler       in the results.
    • Under Active Tasks, check for any tasks that use Powershell and the scheduled time.

    Malware can also cause this issue. We suggest that you use Windows Defender or a third-party security software to scan your system.

    Keep us updated with the results.
     
    Gino Des, Feb 11, 2024
    #4
Thema:

Powershell malware

Loading...

  1. Powershell malware - Similar Threads - Powershell malware

  2. how to fix this, windows security detected this malware: trojan powershell/DownInfo.ba

    in Windows 10 Gaming
    how to fix this, windows security detected this malware: trojan powershell/DownInfo.ba: affected items: CmdLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -EncodedCommand https://answers.microsoft.com/en-us/windows/forum/all/how-to-fix-this-windows-security-detected-this/c9ae359f-b0dd-41ac-8963-d182a7526f3a

  3. how to fix this, windows security detected this malware: trojan powershell/DownInfo.ba

    in Windows 10 Software and Apps
    how to fix this, windows security detected this malware: trojan powershell/DownInfo.ba: affected items: CmdLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -EncodedCommand https://answers.microsoft.com/en-us/windows/forum/all/how-to-fix-this-windows-security-detected-this/c9ae359f-b0dd-41ac-8963-d182a7526f3a

  4. active 'Amsiglob' malware in a PowerShell script was prevented from executing via AMSI

    in Windows 10 Gaming
    active 'Amsiglob' malware in a PowerShell script was prevented from executing via AMSI: Upon checking the device timeline in defender I observed the following activities:SenseIR.exe was observed initiating secure TLS connections to the following URLs: https://winatp-gw-neu.microsoft.comhttps://automatedirstrprdneu.blob.core.windows.net Followed by the below...

  5. active 'Amsiglob' malware in a PowerShell script was prevented from executing via AMSI

    in Windows 10 Software and Apps
    active 'Amsiglob' malware in a PowerShell script was prevented from executing via AMSI: Upon checking the device timeline in defender I observed the following activities:SenseIR.exe was observed initiating secure TLS connections to the following URLs: https://winatp-gw-neu.microsoft.comhttps://automatedirstrprdneu.blob.core.windows.net Followed by the below...

  6. PowerShell sometimes appears on startup - then disappears Malware

    in Windows 10 Gaming
    PowerShell sometimes appears on startup - then disappears Malware: Hello!I've downloaded an executable file a few days ago. Only after running it, did Avast flag it as a Trojan.DropperI noticed later that firefox had opened a website, which promptly shot me back me to Google.com. In terms of this, I think maybe my AdBlockers stopped...

  7. PowerShell sometimes appears on startup - then disappears Malware

    in Windows 10 Software and Apps
    PowerShell sometimes appears on startup - then disappears Malware: Hello!I've downloaded an executable file a few days ago. Only after running it, did Avast flag it as a Trojan.DropperI noticed later that firefox had opened a website, which promptly shot me back me to Google.com. In terms of this, I think maybe my AdBlockers stopped...

  8. PowerShell sometimes appears on startup - then disappears Malware

    in AntiVirus, Firewalls and System Security
    PowerShell sometimes appears on startup - then disappears Malware: Hello!I've downloaded an executable file a few days ago. Only after running it, did Avast flag it as a Trojan.DropperI noticed later that firefox had opened a website, which promptly shot me back me to Google.com. In terms of this, I think maybe my AdBlockers stopped...

  9. I need help with removing this Powershell Malware.

    in Windows 10 Gaming
    I need help with removing this Powershell Malware.: Hey i need help with some powershell coding if anyone can know what this code means! it is malware and im trying to know what to do because i have ran the command by accident, I did an antivirus full scan the threat was found it is Trojan:Script/Wacatac.H!ml but in protection...

  10. I need help with removing this Powershell Malware.

    in Windows 10 Software and Apps
    I need help with removing this Powershell Malware.: Hey i need help with some powershell coding if anyone can know what this code means! it is malware and im trying to know what to do because i have ran the command by accident, I did an antivirus full scan the threat was found it is Trojan:Script/Wacatac.H!ml but in protection...