
PowerShell/Agent.FU malware?



Hi, I've got this alert coming up every few minutes.

Scanning with Eset and Malwarebytes didn't solve the problem.

Any idea on how to proceed?

 

Thanks.

Immagine.png


  • Administrators

Please provide:
- logs collected with ESET Log Collector
- a Procmon boot log (stop logging after the threat has been detected after the system restart)

You may need to upload the archive(s) to a safe location and provide me with a download link. Especially the Procmon boot log can be quite big, depending on how long it takes for the threat to execute after a reboot.


Thank you.

Here they are (hope I did them right):

 

thanks again

Edited by Marcos
Links to logs removed

  • Administrators

Please compress the content of the c:\users\moreno\appdata\roaming\njiuearzu folder and send me the generated archive via a personal message.

 


  • Administrators

Please check now. The threat should be detected as PowerShell/Agent.XD trojan and cleaned. If it has not been detected yet, try rebooting the machine so that a startup scan is run.


I'm also facing the exact same problem: every 10 minutes the PowerShell/Agent.FU threat is detected, but it is not removed, only blocked. What is the solution to the problem? Thanks in advance.


  • Administrators
31 minutes ago, EKZero said:

I'm also facing the exact same problem: every 10 minutes the PowerShell/Agent.FU threat is detected, but it is not removed, only blocked. What is the solution to the problem? Thanks in advance.

Since this is an English forum please post in English.

Please provide:
- logs collected with ESET Log Collector
- a Procmon boot log (stop logging after the threat has been detected after the system restart)

You may need to upload the archive(s) to a safe location and provide me with a download link. Especially the Procmon boot log can be quite big, depending on how long it takes for the threat to execute after a reboot.


Hello Marcos, sorry if I wrote in Italian. You can find the requested .zip file at the following link

Thanks a lot


  • Administrators

Please compress the content of c:\users\dell\appdata\roaming\duhjzwazt and supply me with the archive.

 
