Avast WEBforum

Other => Viruses and worms => Topic started by: Piggie on September 16, 2018, 01:19:06 AM

Title: Powershell.exe Malware
Post by: Piggie on September 16, 2018, 01:19:06 AM
Hello,

I have a problem on my working PC: Avast shows me (pic in attachment) and it's "moved" to the chest, but in the chest there is nothing. I am not sure, but it looks like sometimes it blocks or does something with my SQL server + slows down my PC.

Can anybody help me?

Thank you very much!
Title: Re: Powershell.exe Malware
Post by: Pondus on September 16, 2018, 12:37:33 PM
Instructions   >>  https://forum.avast.com/index.php?topic=194892.0


Title: Re: Powershell.exe Malware
Post by: PDI on September 16, 2018, 01:48:17 PM
Hi Piggie,

The PowerShell was spawned via WMI. You can try to check the WMI settings via Autoruns: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

The fileless malware means that the code for the PowerShell is on its command line. There isn't anything in the chest because there isn't any file to be stored there.

Regards,
PDI
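
The WMI check suggested in the post above can also be done directly from PowerShell. The script below is an added example, not part of the original post: it lists permanent WMI event subscriptions (filter, consumer and binding) and marks any consumer whose command or script text mentions powershell. It assumes the standard `root/subscription` namespace and an elevated session, and it only reads.

```powershell
# Added example (not from the thread): read-only listing of permanent WMI
# event subscriptions. Run in an elevated PowerShell session.
# Assumption: subscriptions are registered in the usual root/subscription namespace.
$ns = 'root/subscription'

# Filters define WHEN something fires (a WQL query); index them by Name.
$filters = @{}
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    ForEach-Object { $filters[$_.Name] = $_ }

# The two standard consumer types that can start a process or run script text.
$consumers = foreach ($class in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer') {
    Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction SilentlyContinue
}

# Bindings tie one filter to one consumer; a consumer without a binding never runs.
$bindings = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

$report = foreach ($b in $bindings) {
    # Consumers are matched to the binding by Name; other consumer types
    # (log file, event log, SMTP) are not collected above and are skipped.
    foreach ($c in $consumers | Where-Object { $_.Name -eq $b.Consumer.Name }) {
        # Collect whatever the consumer would execute, whichever type it is.
        $parts = @($c.ExecutablePath, $c.CommandLineTemplate,
                   $c.ScriptFileName, $c.ScriptText) | Where-Object { $_ }
        $payload = $parts -join ' '

        [pscustomobject]@{
            Filter       = $b.Filter.Name
            TriggerQuery = if ($b.Filter.Name) { $filters[$b.Filter.Name].Query }
            ConsumerType = $c.CimClass.CimClassName
            Consumer     = $c.Name
            Runs         = $payload
            PowerShell   = $payload -match 'powershell'
        }
    }
}

# Entries that launch PowerShell first; an empty report means no such subscription.
$report | Sort-Object PowerShell -Descending | Format-List
```

An entry with `PowerShell : True` shows the command line that WMI would launch and the query that triggers it, which is the information to include when following the forum's log instructions.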
Title: Re: Powershell.exe Malware
Post by: Pako7 on September 16, 2018, 06:41:10 PM
I have seen it in my virus chest .....

after it had made some of my files disappear .....
Title: Re: Powershell.exe Malware
Post by: PDI on September 16, 2018, 08:02:38 PM
Hi,

It's a different type of detection. The fileless malware may drop files during the execution and it's removed during a malware removal. If any file is deleted, the detection is visible in the chest.

Regards,
PDI