Suspected botnet Powershell/Generik A


Solved by Marcos

ESET reports blocking half a dozen instances this morning (Win 10 64)

Suspected botnet  Powershell/Generik A
Application: powershell.exe   
target: 159.65.89.65:443
user: NT authority/system

I have done a full scan and not found anything. PowerShell is not running in Task Manager -> Details.

I'm not sure where to go next... thank you!


  • Administrators
  • Solution

Probably you're using DATTO RMM which has recently started to download 7zip via powershell. Please create an IDS exception.
