
Radically

  1. Yeah, I avoid them in general; I might have downloaded something that was already patched without even realizing it, but somehow it still went under the radar. Crazy!
  2. So Cynet is trying to claim that one of the files associated with ESET is a Trojan Downloader? Haha
  3. Sounds pretty severe; sounds like I'm better off reinstalling the OS in this case. I'm gonna be backing up some of my files; however, some of them I'm using as configuration settings for software I use, some are productive projects, games, etc. How do I make sure I wouldn't catch the same threat again if it goes undetected by most AV? I scan and inspect every file I open or execute, including any associated files like DLLs, and I run them through VirusTotal, even if they come from legitimate sources. When I got infected, that's what surprised me the most, so I'm assuming the virus that brought this kind of payload is not registered in the archives; it could probably be a new malware or one that not many have executed yet. Thank you in advance!
  4. I haven't really been receiving any replies, and every time I turn to their forum I get the bare minimum of support, so I end up wiping my PC when situations such as these gnarly infections happen. Although, with all due respect, their moderators have so many tickets to handle and work with on a daily basis, and have for years, so I understand why my thread is being dealt with this way, but it's not helping much, so I turned over here since ESET at least gives me extra clues on what other detections exist on my machine, and this detection seems like one ESET has recognized and probably understands more, whereas MB does not. I also browsed through the threads here a bit and I've noticed there are so many threads about people getting infected with PowerShell-powered viruses recently; that's crazy! It's like browsing through the forums when WannaCry hit town on everyone.
  5. Hey! Recently I caught something; I'm not exactly sure where it appeared from, but one of the following days my Malwarebytes did a scan, and I got a few detections that looked like this: detections showing I have been infected with what appears to be called Trojan.VBS.TaskExecution and Trojan.BitCoinStealer in different locations on my system. I've had them quarantined; however, seeing that this is a task-scheduling virus that tried infecting areas of my system that have to do with boot, I am sure just getting these files quarantined is not enough; this virus is bound to return the next time I restart my PC. I booted my system into safe mode and scanned my PC with various antiviruses; without luck, I couldn't find much of anything. HOWEVER, ESET, on the other hand, has detected that there's a PowerShell execution virus in my Google Chrome cache folder! I had the virus deleted, scanned my computer a few more times, and I couldn't find anything. Launching Chrome again or restarting my PC (while remaining in safe mode) doesn't seem to bring the ransom/malware back. However, since Defender just plain crashes when I try launching it in safe mode (Win11, btw), I booted my operating system through normal boot and accessed Defender to do an offline scan, which returned no results. I went back to safe mode and did a quick scan with ESET, and nothing came up. I ran another scan, but this time it was a custom scan targeting the Chrome folder, and the PowerShell/Agent.GZ trojan came back! And when I try to do a quick scan with my Malwarebytes, the scan ends within seconds as soon as it starts scanning files, after scanning memory files and all the stuff it does in the beginning; however, the scan works whenever I do a custom scan, obviously with no results.

     When researching the virus I stumbled upon this GitHub topic, and the behavior of my virus and the virus discussed in the thread are similar; it seems like my virus is using different directories and places to hide in: https://gist.github.com/infernoboy/cf114fda56ff3706478e0d1e6a1a1b27?permalink_comment_id=4140687#gistcomment-4140687 I also found this thread on Malwarebytes; this person is facing a virus under the same name: https://forums.malwarebytes.com/topic/286641-was-trojanvbstaskexecution/?do=findComment&comment=1515706 However, it seems that the virus's infected directories are more similar to that GitHub thread I linked, BUT the user on the Malwarebytes topic mentions the virus runs a PowerShell execution from this location: %localappdata%\Google\Chrome\User Data\Default\Extensions. However, for me, it runs from: %localappdata%\Google\Chrome\User Data\Default\Cache\Cache_Data, which makes me assume I am facing a slightly altered version of the same virus. I also ran the infected cache file through VirusTotal, which suggests more information about what this virus could be, like how Kaspersky named it "HEUR:Trojan-Banker.PowerShell.ClipBanker.gen" while ESET names it "PowerShell/Agent.GZ": https://www.virustotal.com/gui/file/3cd4d63a2f17e72f725aaa0d5babbf645f2947ca129f08b5f7c4f67cbb04973a?nocache=1 Help putting up a fight against this thing would be really appreciated, thanks!