Powershell opens and closes very frequently.
Solved
JeremHomme
Hello, PowerShell often opens and I've seen quite a few posts like this saying I need to download FRST. Here are the links:
Addition.txt -> https://www.cjoint.com/c/LAncB27TYaz
FRST: https://www.cjoint.com/c/LAncziQoxIz
If you could help me, thank you
Configuration: Windows / Opera 82.0.4227.43
3 replies
Powershell should not really open anymore since you removed the scheduled task "ChromeLoader" with ADWcleaner that caused this opening. However, there is still a Trojan on your PC. After the cleanup, I advise you to change all your online passwords.
You downloaded something suspicious, and that may have infected your PC. Windows Defender has warned you:
Severity: Severe
Category: Trojan
Path: file:_C:\Users\jerem\OneDrive\Bureau\Release\OpenВullet.exe
Procedure to follow in the order indicated:
1- Open FRST as an administrator by right-clicking on FRST and choosing run as administrator
2 - Copy the entire script in the box below:
Start::
CreateRestorePoint:
CloseProcesses:
C:\Users\jerem\OneDrive\Bureau\Release\OpenВullet.exe
Task: {0F10511D-FDB3-4F5B-A130-3132975BD1E6} - \ChromeLoader -> No file
Task: {B7E4CE8B-2E8E-41A4-95FB-B75BDACD33A2} - System32\Tasks\Microsoft\svchost\svchost7 => C:\Users\jerem\AppData\Roaming\Microsoft\svchost7\svchost.exe [356352 2021-10-10] (Microsoft Corporation) [Unsigned file]
Task: {DB2B643A-0AA5-49D8-B3D5-16D4EA632A86} - System32\Tasks\Microsoft\svchost\svchost8 => C:\Users\jerem\AppData\Roaming\Microsoft\svchost8\svchost.exe [8192 2021-04-24] (Microsoft Corporation) [Unsigned file]
C:\Users\jerem\AppData\Roaming\Microsoft\svchost7\svchost.exe
C:\Users\jerem\AppData\Roaming\Microsoft\svchost8\svchost.exe
EmptyTemp:
End::
3- Once the script is copied, click on Repair. FRST will automatically take the script from the clipboard.
Let the repair process complete. Once it’s done, you will be asked to restart your PC. Do so as soon as it prompts you, see below.
Then once your computer has restarted:
4- You will have a Fixlog file on your desktop. Send this report to https://www.cjoint.com/ (see this tutorial), then provide the link generated by Cjoint in your next message.
5- CHECK AND TELL ME IF YOUR PROBLEM IS STILL PRESENT
FOR INFORMATION:
Your version of Windows 10 is not up to date. To check this, go to this page, click on Update now, this will launch the Microsoft tool download, just open it and it will allow you to update Windows 10 to the latest version and tell you if it’s compatible with your PC. Be careful, this update takes some time. If you have a laptop, plug it into the power, as it would be a shame to run out of battery before the update is finished.
bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.
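A read-only check for the pattern the fix script above targets (scheduled tasks whose target file is missing, is not validly signed, or is a svchost.exe outside the Windows directories), as an added PowerShell example that is not part of the thread or of FRST. The flag criteria and the default `C:\Users` profile location are assumptions of this example.

```powershell
# Added example: read-only audit; it changes nothing on the system.
# Run from an elevated PowerShell so tasks of every account are listed.

$systemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
$usersRoot  = "$env:SystemDrive\Users\"   # assumption: default profile location

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "exec" actions carry a program path; COM-handler actions do not.
        if ($action.CimClass.CimClassName -ne 'MSFT_TaskExecAction') { continue }

        $exe = [Environment]::ExpandEnvironmentVariables([string]$action.Execute).Trim('"')
        # Bare names such as "powershell.exe" resolve via PATH and are skipped here.
        if (-not $exe -or -not [IO.Path]::IsPathRooted($exe)) { continue }

        $reasons = @()
        $sig = 'n/a'
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            # FRST prints this case as "-> No file": the task outlived its payload.
            $reasons += 'target file missing'
        } else {
            $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            if ($sig -ne 'Valid') { $reasons += "signature: $sig" }
        }
        if ($exe.StartsWith($usersRoot, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += 'runs from a user profile'
        }
        # A Windows binary name outside the Windows directories, as with the
        # AppData\Roaming\Microsoft\svchost7\svchost.exe entry in the fix script.
        $dir = [IO.Path]::GetDirectoryName($exe)
        if ([IO.Path]::GetFileName($exe) -ieq 'svchost.exe' -and $systemDirs -notcontains $dir) {
            $reasons += 'svchost.exe outside System32'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Execute   = $exe
                Arguments = $action.Arguments
                Signature = $sig
                Reasons   = $reasons -join '; '
            }
        }
    }
}

$findings | Sort-Object Task | Format-List
```

A hit is a lead for review, not a verdict: legitimate software also registers unsigned or per-user tasks, so check each flagged file before removing anything.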
Hello,
While waiting for a helper to wake up this morning who can assist with FRST, you can try to clean up as best as you can like this:
You can check your system with UnHackMe; the "First Scan" at installation may find something.
Be careful before deleting, as there may be good files that are necessary for booting or for the functioning of the PC.
Take your time, look at all the details, do some research.
Analyze unknown files with VirusTotal Uploader > Right-click > Send To > VirusTotal
(Download the App here)
https://support.virustotal.com/hc/en-us/articles/115002179065-Desktop-Apps
You need to display hidden files in Explorer with View > Options > View
(To see all files).
You can use "Reanimator" by the button next to the clock, close the front window by the [X] at the top right, and go to the "Reanimator" tab > Anti Spyware Full Check to learn more.
Note: UnHackMe is a 30-day trial version
RegRun Reanimator is similar and free, does a bit less.
FixLog:
https://www.cjoint.com/c/LAnk1zsxH6z
I will update it and get back to you if it works.
Was it useful to do what "fabul" advised me to do before your intervention this morning?
You can uninstall FRST: rename the FRST file you downloaded to "uninstall", and once the file is renamed, open it; the uninstallation will occur automatically with a restart of the PC.