sdnian
Posted June 29, 2021

I have several Windows Servers that consistently detect the PowerShell/TrojanDownloader.Agent trojan. Every time, EFSW shows cleaned by deleting, but the same log appears again after a few hours. How can I solve this problem?

One of the log collector files:
efsw_logs.zip

Marcos (Administrators)
Posted June 29, 2021
Solution

Please delete in safe mode:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CBB79C-CAFE-44EB-8276-8D73BF358244}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27D70E29-CE41-4102-9013-381FDE9E441A}

EFSW was installed on June 25, the threat was removed or cleaned before but not completely.

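Before deleting the two keys named in the answer above, it helps to record what they point to and keep a backup. The following is an added example, not part of the original thread and not ESET's tooling. It assumes the standard Task Scheduler registry layout (`Path` and `Actions` values under `TaskCache\Tasks`, an `Id` value under `TaskCache\Tree`), and the backup folder name is hypothetical.

```powershell
# Added example: inspect and back up the two TaskCache entries before deleting them.
# Run from an elevated PowerShell prompt. Read-only apart from the .reg backup files.
$base  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$guids = '{28CBB79C-CAFE-44EB-8276-8D73BF358244}',
         '{27D70E29-CE41-4102-9013-381FDE9E441A}'
$backupDir = Join-Path $env:TEMP 'taskcache-backup'   # hypothetical backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Map task GUID -> Tree key, to see whether the task is still registered by name.
$tree = @{}
Get-ChildItem "$base\Tree" -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $id = $_.GetValue('Id')
    if ($id) { $tree[$id.ToUpper()] = $_.Name }
}

foreach ($g in $guids) {
    $keyPath = "$base\Tasks\$g"
    if (-not (Test-Path -LiteralPath $keyPath)) {
        Write-Output "$g : not present"
        continue
    }
    $key      = Get-Item -LiteralPath $keyPath
    $taskPath = $key.GetValue('Path')

    # Actions is binary with UTF-16LE strings inside; keep printable runs only.
    # This is a rough view of the command line, not a full parse of the structure.
    $raw = $key.GetValue('Actions')
    $actions = if ($raw) {
        ([Text.Encoding]::Unicode.GetString($raw) -replace '[^\x20-\x7E]+', ' ').Trim()
    } else { '<no Actions value>' }

    # The matching task XML file, if any, lives under System32\Tasks\<Path>.
    $xml = if ($taskPath) {
        Join-Path "$env:SystemRoot\System32\Tasks" $taskPath.TrimStart('\')
    } else { $null }

    # Export the key so the deletion can be reviewed or reverted later.
    $regPath = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\$g"
    & reg.exe export $regPath (Join-Path $backupDir "$g.reg") /y | Out-Null

    [pscustomobject]@{
        Guid      = $g
        TaskPath  = $taskPath
        TreeKey   = $tree[$g.ToUpper()]
        XmlExists = [bool]($xml -and (Test-Path -LiteralPath $xml))
        Actions   = $actions
    }
}
```

An entry whose `TreeKey` is empty or whose `XmlExists` is false is a leftover that the Task Scheduler UI will not show, which fits a threat that was cleaned "but not completely".
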
sdnian (Author)
Posted June 29, 2021

41 minutes ago, Marcos said:

> Please delete in safe mode:
>
> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CBB79C-CAFE-44EB-8276-8D73BF358244}
> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27D70E29-CE41-4102-9013-381FDE9E441A}
>
> EFSW was installed on June 25, the threat was removed or cleaned before but not completely.

Thanks for your help. I'll try to delete them ASAP.