PowerShell/TrojanDownloader.Agent.DV trojan


Solved by Marcos

I have several Windows Servers that consistently detect the PowerShell/TrojanDownloader.Agent trojan. Every time, EFSW shows it as cleaned by deleting, but the same log entry appears again after a few hours. How can I solve this problem?

One of the log collector files: efsw_logs.zip

  • Administrators
  • Solution

Please delete in safe mode:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CBB79C-CAFE-44EB-8276-8D73BF358244}

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27D70E29-CE41-4102-9013-381FDE9E441A}

EFSW was installed on June 25; the threat was removed or cleaned before, but not completely.

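Before deleting the two keys named in the answer above, it helps to record which scheduled tasks they belong to and what those tasks run. The following PowerShell is an added example, not part of the original thread or the vendor's instructions; the backup folder `C:\IR\taskcache-backup` is an assumed path, and the script only reads and exports the entries, it deletes nothing.

```powershell
# Added example: read-only inspection and backup of the TaskCache entries
# named in the answer. Run from an elevated PowerShell prompt.
$guids = '{28CBB79C-CAFE-44EB-8276-8D73BF358244}',
         '{27D70E29-CE41-4102-9013-381FDE9E441A}'   # GUIDs from the answer above
$cache  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$backup = 'C:\IR\taskcache-backup'                   # assumed evidence folder
New-Item -ItemType Directory -Path $backup -Force | Out-Null

# Index the Tree subkeys by their Id value so each GUID resolves to a task name.
$tree = @{}
Get-ChildItem "$cache\Tree" -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $id = $_.GetValue('Id')
    if ($id) { $tree[$id.ToUpper()] = $_.Name }
}

foreach ($g in $guids) {
    $key = "$cache\Tasks\$g"
    if (-not (Test-Path -LiteralPath $key)) { Write-Output "$g : not present"; continue }

    $path = (Get-Item -LiteralPath $key).GetValue('Path')   # task path, e.g. \Name
    $file = if ($path) { Join-Path "$env:SystemRoot\System32\Tasks" $path.TrimStart('\') }

    # Pull the command line from the task's XML definition, if it still exists.
    $exec = $null
    if ($file -and (Test-Path -LiteralPath $file)) {
        $exec = ([xml](Get-Content -LiteralPath $file -Raw)).Task.Actions.Exec |
                Where-Object { $_ } |
                ForEach-Object { "$($_.Command) $($_.Arguments)" }
    }

    # Export the key so the entry can be reviewed or restored after deletion.
    $out = Join-Path $backup ("{0}.reg" -f $g.Trim('{}'))
    & reg.exe export ($key -replace '^HKLM:\\', 'HKLM\') $out /y | Out-Null

    [pscustomobject]@{
        Guid     = $g
        TaskPath = $path
        TreeKey  = $tree[$g.ToUpper()]
        TaskFile = $file
        Exec     = $exec -join '; '
        Backup   = $out
    }
}
```

A non-empty `TreeKey` or `TaskFile` means the task has a matching `TaskCache\Tree` entry or an XML definition under `System32\Tasks` in addition to the `Tasks\{GUID}` key, which is worth reviewing alongside the keys listed in the answer.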

41 minutes ago, Marcos said:

Please delete in safe mode:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28CBB79C-CAFE-44EB-8276-8D73BF358244}

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27D70E29-CE41-4102-9013-381FDE9E441A}

EFSW was installed on June 25; the threat was removed or cleaned before, but not completely.

Thanks for your help. I'll try to delete them ASAP.
