Posts posted by sharif
-
I can confirm that the issue was finally solved. Thank you for all for you
-
On 5/12/2022 at 8:33 PM, JamesR said:
I would not recommend deleting PowerShell and replacing it. PowerShell is not infected, it is just being misused.
As it has been about a week, can you generate a new ESET Log Collector to provide here? When running ESET Log Collector, please ensure to select the profile "All" before clicking the "Collect" button. This will ensure we get as many logs as possible for this:
Hi, I attached the latest logs. But what schedule was under Microsoft deleted but was under Windows was not found
-
Hi,
Sorry, how to delete the following tasks from the task schedule:
Microsoft\Windows\YNbvqj\{0C8DCA40-B30A-414A-8C48-A7066C5571C8}
Microsoft\Windows\7pggoez\{0167B239-A303-4B3B-81BA-AAC4CE7F76C1}
And how about deleting the PowerShell file using a Linux live CD and copying a new file, will it solve the issue?
-
On 5/7/2022 at 8:14 AM, Marcos said:
Please provide me with:
C:\WINDOWS\{34A68307-58C5-4F29-9A41-9C7C0CECA01A}.txt
C:\WINDOWS\{0EAFDFE9-6C5F-4EF3-8CA3-16764C7036E9}.txt
Then run Windows scheduler and delete these tasks:
Microsoft\Windows\YNbvqj\{0C8DCA40-B30A-414A-8C48-A7066C5571C8}
Microsoft\Windows\7pggoez\{0167B239-A303-4B3B-81BA-AAC4CE7F76C1}
After a reboot the threat should be no longer detected.
Hi,
Sorry for the late reply. I attached the required
{0EAFDFE9-6C5F-4EF3-8CA3-16764C7036E9}.txt {34A68307-58C5-4F29-9A41-9C7C0CECA01A}.txt
-
Hi,
ESET detects on the start up
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
6/5/2022 9:59:19 PM;AMSI scanner;file;script;PowerShell/PSW.CoinStealer.B trojan;blocked;HP-OMEN\SHARIF;;13DF47E8EE043D88ACC81942ECD827B8BD0F22A7;
These are my logs. I attached the ESET Log Collector logs.
Thank you
powershell/psw.coinstealer.b
in Malware Finding and Cleaning
Hi, I got the same issue. And here are my logs
Thank you
eis_logs.zip