Author Topic: Powershell.exe Malware  (Read 290 times)

Offline Piggie

  • Newbie
  • *
  • Posts: 1
Powershell.exe Malware
« on: September 16, 2018, 01:19:06 AM »
Hello,

I have a problem on my working PC: Avast shows me (pic in attachment) and it's "moved" to the chest, but in the chest is nothing. I am not sure, but it looks like sometimes it blocks or does something with my SQL server + slows down my PC.

Can anybody help me?

Thank you very much!

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34729
Re: Powershell.exe Malware
« Reply #1 on: September 16, 2018, 12:37:33 PM »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline PDI

  • Avast team
  • Jr. Member
  • *
  • Posts: 70
Re: Powershell.exe Malware
« Reply #2 on: September 16, 2018, 01:48:17 PM »
Hi Piggie,

The PowerShell was spawned via WMI. You can try to check the WMI settings via Autoruns https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns.

The fileless malware means that the code for the PowerShell is on its command line. There isn't anything in the chest because there isn't any file to be stored there.

Regards,
PDI
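
The WMI check suggested above can also be done from an elevated PowerShell prompt instead of the Autoruns GUI. This is an added example, not part of the original posts; it assumes the PowerShell is launched by a permanent WMI event subscription in the standard `root\subscription` namespace, which the thread does not confirm.

```powershell
# Added example: read-only listing of permanent WMI event subscriptions
# (filter -> binding -> consumer). Run elevated; nothing is modified.
# Assumption: the subscription lives in root\subscription.
$ns = 'root\subscription'

$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding
# Only the two consumer types that can run commands or scripts are collected.
$consumers = @(Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer) +
             @(Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer)

$report = foreach ($b in $bindings) {
    # The binding holds references; match them on class name and Name key.
    $consumer = $consumers | Where-Object {
        $_.Name -eq $b.Consumer.Name -and
        $_.CimSystemProperties.ClassName -eq $b.Consumer.CimSystemProperties.ClassName
    }
    if (-not $consumer) { continue }   # e.g. event-log consumers are skipped

    $filter = $filters | Where-Object { $_.Name -eq $b.Filter.Name }

    # CommandLineEventConsumer: ExecutablePath / CommandLineTemplate.
    # ActiveScriptEventConsumer: ScriptText.
    $action = @($consumer.ExecutablePath, $consumer.CommandLineTemplate,
                $consumer.ScriptText) -ne $null -join ' '

    [pscustomobject]@{
        Filter             = $b.Filter.Name
        TriggerQuery       = $filter.Query
        ConsumerType       = $consumer.CimSystemProperties.ClassName
        Consumer           = $consumer.Name
        Action             = $action
        LaunchesPowerShell = [bool]($action -match 'powershell')
    }
}

# Entries that start PowerShell are listed first; the Action field shows the
# full command line, which is where fileless code is carried.
$report | Sort-Object LaunchesPowerShell -Descending | Format-List
```

An empty result means no command-line or script consumers are bound in that namespace.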

Offline Pako7

  • Full Member
  • ***
  • Posts: 182
  • 7 years with Avast and i still recommend it
Re: Powershell.exe Malware
« Reply #3 on: September 16, 2018, 06:41:10 PM »
I have seen it in my virus chest .....

after it had made some of my files disappear .....

Offline PDI

  • Avast team
  • Jr. Member
  • *
  • Posts: 70
Re: Powershell.exe Malware
« Reply #4 on: September 16, 2018, 08:02:38 PM »
Hi,

It's a different type of detection. The fileless malware may drop files during the execution and it's removed during a malware removal. If any file is deleted, the detection is visible in the chest.

Regards,
PDI