Author Topic: new insidious malware threat  (Read 1166 times)

0 Members and 1 Guest are viewing this topic.

Offline Jonathan Campbell

  • Newbie
  • *
  • Posts: 2
new insidious malware threat
« on: April 12, 2022, 05:45:09 PM »
I have encountered a new and very insidious malware threat, and there is insufficient information about it in public forums.

It infected three of the computers in my household, my main PC, my wife's laptop, and my laptop.

It is referred to as the PowerShell Trojan. I do not know everything of what it does, although it appears it may be either a key logger or a platform for an intruder to execute commands.

It corrupts numerous Windows components, detected and fixed by SFC /scannow.

Its outward sign - sometimes so quickly it is difficult to see it - is two command windows at login that are running Powershell scripts.

The only scanner that appears to detect this malware appears to be Microsoft Windows Defender full scan, which is only accessible if you disable and completely remove any other anti-malware software. Here is the article on how to do this.
hxxps://www.windowscentral.com/how-use-windows-defender-command-prompt-windows-10

I began first by removing Chrome and carefully going through all of the startup apps to make sure they were all valid and did not have recent change dates. I ran SFC which revealed that many components had been corrupted. Then I ran Windows Defender full scan.

It is not detected by most anti-virus scanners, including AVG. It appears to contaminate some startup mechanism, I suspect in the Chrome browser. I don't know whether Avast One detects this malware, I suspect not since Avast and AVG share malware data and AVG did not detect it.

I hope this is helpful. Please run SFC /scannow in an Administrator command window, this will be a sure sign that your PC was affected by the malware.

Be well
Jon

« Last Edit: April 13, 2022, 03:11:40 PM by r@vast »

Offline Jonathan Campbell

  • Newbie
  • *
  • Posts: 2
Re: new insidious malware threat
« Reply #1 on: April 12, 2022, 06:05:18 PM »
A side note - it looks like there are several posts about Avast marking Powershell as malware. These may in fact be instances of the Powershell/Trojan, which uses Powershell to spread instances of the malware and (probably) establish some sort of background or inbound process.

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2760
Re: new insidious malware threat
« Reply #2 on: April 13, 2022, 03:13:44 PM »
Hi,

Please report/submit a suspicious sample via https://www.avast.com/report-malicious-file.php