Jump to content

Killian Occelli

Members
  • Content Count

    3
  • Joined

  • Last visited

Profile Information

  • Location
    Switzerland
  1. Dear James, Thanks for your help. We ran the new vbs script. Attaching the latest dump here. We have patched our VMs that are infected. Dump261217.txt
  2. Dear James, Thanks for your help. After the reboot, the process come back after 30 minutes. We have patched the server and reset all admin password after th at You can find below the dump of the WMILister_22 script. Dump221217.txt Thanks in advance.
  3. Hi Everyone, I have the same problem as Marco2526 PowerShell Script - Possible Malicious Attack. I tested the commands below, but the fourth doesn't work. Get-WMIObject -Namespace root\Subscription -Class __EventFilter -filter "Name= 'SCM Event Filter'" |remOVe-WMIObject -Verbose Get-WMIObject -Namespace root\Subscription -Class CommandLineEventConsumer -Filter "Name='SCM Event Consumer'" | Remove-WMIObject -Verbose Get-WMIObject -Namespace root\Subscription -Class __FilterToConsumerBinding -Filter "__Path LIKE '%SCM Event Consumer%'" | REmOVE-WMIObject -Verbose ([WmiClas
×
×
  • Create New...