Jump to content

Suspected botnet Powershell/Generik A

martinCRut
 Share
Go to solution Solved by Marcos,

Recommended Posts

martinCRut

martinCRut 0

Posted
Posted

ESET reports blocking half a dozen instances this morning (Win 10 64)

Suspected botnet  Powershell/Generik A
Application: powershell.exe   
target: 159.65.89.65:443
user: NT authority/system

I have done a full scan and not found anything. Powershell is not running in Task manager-> details

 

I'm not sure where to go next.. thank you!

Link to comment
Share on other sites
  • Administrators
  • Solution
Marcos

Marcos 5,074

Posted
  • Administrators
  • Solution
Posted

Probably you're using DATTO RMM which has recently started to download 7zip via powershell. Please create an IDS exception.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...