Hi Everyone,
I have the same problem as Marco2526 PowerShell Script - Possible Malicious Attack.
I tested the commands below, but the fourth doesn't work.
Get-WMIObject -Namespace root\Subscription -Class __EventFilter -filter "Name= 'SCM Event Filter'" |remOVe-WMIObject -Verbose
Get-WMIObject -Namespace root\Subscription -Class CommandLineEventConsumer -Filter "Name='SCM Event Consumer'" | Remove-WMIObject -Verbose
Get-WMIObject -Namespace root\Subscription -Class __FilterToConsumerBinding -Filter "__Path LIKE '%SCM Event Consumer%'" | REmOVE-WMIObject -Verbose
([WmiClass]'root\default:Win32_TaskService') | Remove-WMIObject -Verbose
Get-WMIObject -Namespace root\Subscription -Class ActiveScriptEventConsumer -Filter "Name='SCM Event Consumer'" | Remove-WMIObject -Verbose
I have the error "Cannot convert value "root\default:win32_TaskService" to type "System.Management.ManagementClass. Error: "Not found "
You can find the dump of the WMILister_20.vbs script in my post.
dumpedscript.txt
It's on a VM with Windows Server 2008 R2.
Thanks in advance.