Author Topic: new insidious malware threat  (Read 1250 times)


Jonathan Campbell
new insidious malware threat
« on: April 12, 2022, 05:45:09 PM »
I have encountered a new and very insidious malware threat, and there is insufficient information about it in public forums.

It infected three of the computers in my household, my main PC, my wife's laptop, and my laptop.

It is referred to as the PowerShell Trojan. I do not know everything that it does, although it appears it may be either a key logger or a platform for an intruder to execute commands.

It corrupts numerous Windows components, detected and fixed by SFC /scannow.

Its outward sign, which sometimes appears so quickly that it is difficult to see, is two command windows at login that are running PowerShell scripts.

The only scanner that appears to detect this malware is a Microsoft Windows Defender full scan, which is only accessible if you disable and completely remove any other anti-malware software. Here is the article on how to do this.
hxxps://www.windowscentral.com/how-use-windows-defender-command-prompt-windows-10

I began first by removing Chrome and carefully going through all of the startup apps to make sure they were all valid and did not have recent change dates. I ran SFC which revealed that many components had been corrupted. Then I ran Windows Defender full scan.

It is not detected by most anti-virus scanners, including AVG. It appears to contaminate some startup mechanism, I suspect in the Chrome browser. I don't know whether Avast One detects this malware; I suspect not, since Avast and AVG share malware data and AVG did not detect it.

I hope this is helpful. Please run SFC /scannow in an Administrator command window; a result showing corrupted components will be a sure sign that your PC was affected by the malware.

Be well
Jon

« Last Edit: April 13, 2022, 03:11:40 PM by r@vast »
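The post above describes checking startup entries by hand for recent changes and for PowerShell windows launched at login. As an added example (not code from the poster or from Avast), this PowerShell script enumerates the common autostart locations and flags entries that launch PowerShell or were modified recently; it assumes an elevated prompt, and the 30-day threshold is an arbitrary choice.

```powershell
# Added example (not from the forum post): enumerate common autostart
# locations and flag entries that launch PowerShell or changed recently.
# Assumptions: run from an elevated PowerShell prompt; the 30-day
# threshold is an arbitrary choice, not a value from the thread.
$Cutoff   = (Get-Date).AddDays(-30)
$Findings = @()

# 1. Registry Run / RunOnce keys for the current user and the machine
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($Key in $RunKeys) {
    if (-not (Test-Path $Key)) { continue }
    $Props = Get-ItemProperty -Path $Key
    foreach ($Name in $Props.PSObject.Properties.Name) {
        if ($Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath etc.
        $Findings += [pscustomobject]@{
            Source = $Key; Name = $Name; Command = $Props.$Name; Modified = $null }
    }
}

# 2. Startup folders: every file here runs at interactive login
foreach ($Dir in @([Environment]::GetFolderPath('Startup'),
                   [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -Path $Dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $Findings += [pscustomobject]@{
            Source = $Dir; Name = $_.Name; Command = $_.FullName; Modified = $_.LastWriteTime }
    }
}

# 3. Scheduled tasks: look at each action's executable and arguments
Get-ScheduledTask | ForEach-Object {
    $Task = $_
    $When = if ($Task.Date) { [datetime]$Task.Date } else { $null }
    foreach ($Action in $Task.Actions) {
        $Findings += [pscustomobject]@{
            Source = 'ScheduledTask'; Name = $Task.TaskName
            Command = "$($Action.Execute) $($Action.Arguments)"; Modified = $When }
    }
}

# Report entries that invoke powershell.exe/pwsh.exe or changed after the cutoff.
$Findings | Where-Object {
    $_.Command -match 'powershell|pwsh' -or ($_.Modified -and $_.Modified -gt $Cutoff)
} | Sort-Object Source | Format-Table -AutoSize -Wrap
```

Legitimate software also registers PowerShell-based tasks, so each flagged entry still needs to be checked against a known-good baseline before anything is removed.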

Jonathan Campbell
Re: new insidious malware threat
« Reply #1 on: April 12, 2022, 06:05:18 PM »
A side note: it looks like there are several posts about Avast marking PowerShell as malware. These may in fact be instances of the Powershell/Trojan, which uses PowerShell to spread instances of the malware and (probably) establish some sort of background or inbound process.

r@vast (Avast team)
Re: new insidious malware threat
« Reply #2 on: April 13, 2022, 03:13:44 PM »
Hi,

Please report/submit a suspicious sample via https://www.avast.com/report-malicious-file.php