Author Topic: Powershell - Fileless Malware  (Read 3065 times)

REDACTED

  • Guest
Powershell - Fileless Malware
« on: February 14, 2018, 12:41:34 PM »
Several times a day I'm getting the following notice:

We've moved the threat powershell.exe to your virus chest

Looking at details I get:

Threat Name: IDP.HELU>PSE13 - Fileless malware
Process: [drive letter]\System32\WindowsPowerShell\V1.0\powershell.exe
Detected by: Behavior Shield
Status: Move to Virus Chest

Look in the Virus Chest and there are no files in there.

This has been going on for a couple weeks now and I've run many antivirus, malware, and PUP checkers above and beyond Avast... and nothing, not a single one of them, finds a thing.

So... help please... this is driving me nuts.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 76037
    • >>>  Avast Forum - German-Language Section  <<<
Re: Powershell - Fileless Malware
« Reply #1 on: February 14, 2018, 12:44:12 PM »
Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Essentials (Downloads, Guides & Info): https://forum.avast.com/index.php?topic=60523.0

Offline Michael (alan1998)

  • Massive Poster
  • Posts: 2768
  • Volunteer
Re: Powershell - Fileless Malware
« Reply #2 on: February 14, 2018, 02:31:32 PM »
Can you upload the file to www.virustotal.com too? (and post the scan result here please.)

VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.