Author Topic: Powershell.exe Malware  (Read 3425 times)


REDACTED

  • Guest
Powershell.exe Malware
« on: September 16, 2018, 01:19:06 AM »
Hello,

I have a problem on my working PC: Avast shows me (pic in attachment) and it's "moved" to the chest, but in the chest there is nothing. I am not sure, but it looks like sometimes it blocks or does something with my SQL server + slows down my PC.

Can anybody help me?

Thank you very much!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Powershell.exe Malware
« Reply #1 on: September 16, 2018, 12:37:33 PM »

Offline PDI

  • Avast team
  • Full Member
  • *
  • Posts: 159
Re: Powershell.exe Malware
« Reply #2 on: September 16, 2018, 01:48:17 PM »
Hi Piggie,

The PowerShell was spawned via WMI. You can try to check the WMI settings via Autoruns: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

The fileless malware means that the code for the PowerShell is on its command line. There isn't anything in the chest because there isn't any file to be stored there.

Regards,
PDI
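
The WMI entries that Autoruns displays can also be listed directly from PowerShell. This is an added example, not part of the reply above or of any Avast tool; it assumes an elevated prompt and that the spawn comes from a permanent WMI event subscription in `root\subscription`. It only reads and changes nothing.

```powershell
# Added example: list permanent WMI event subscriptions on the local machine.
# Assumption: the PowerShell spawn comes from a subscription in root\subscription.
$ns = 'root\subscription'

$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = @(
    Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer
    Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer
)
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

$report = foreach ($b in $bindings) {
    # A binding ties one trigger (filter) to one action (consumer); match both by name.
    $filter   = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }   | Select-Object -First 1
    $consumer = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name } | Select-Object -First 1
    if (-not $consumer) { continue }   # other consumer classes (log file, SMTP, event log) run no commands

    # CommandLineEventConsumer carries a command line; ActiveScriptEventConsumer carries script text.
    $action = (@($consumer.CommandLineTemplate, $consumer.ExecutablePath,
                 $consumer.ScriptText, $consumer.ScriptFileName) -join ' ').Trim()

    [pscustomobject]@{
        Consumer       = $consumer.Name
        ConsumerClass  = $consumer.CimClass.CimClassName
        Trigger        = $filter.Query          # WQL query that fires the consumer
        Action         = $action                # what is executed when it fires
        RunsPowerShell = $action -match 'powershell|pwsh'
    }
}

# Entries that invoke PowerShell are listed first for review.
$report | Sort-Object RunsPowerShell -Descending | Format-List
```

An entry whose `Action` holds a long PowerShell command line is where the code of such a detection lives, since there is no file for the chest to hold.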

Offline Pako7

  • Poster
  • *
  • Posts: 429
  • 18 years with Avast and i still recommend it
Re: Powershell.exe Malware
« Reply #3 on: September 16, 2018, 06:41:10 PM »
I have seen it in my virus chest .....

after it had made some of my files disappear .....
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline PDI

  • Avast team
  • Full Member
  • *
  • Posts: 159
Re: Powershell.exe Malware
« Reply #4 on: September 16, 2018, 08:02:38 PM »
Hi,

It's a different type of detection. The fileless malware may drop files during the execution, and it's removed during a malware removal. If any file is deleted, the detection is visible in the chest.

Regards,
PDI