Adriana 0 Posted May 27, 2022 (edited)

See title. How do I stop this? I attached a screenshot down below. And here is the log:

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">27/05/2022 15:55:20</COLUMN>
      <COLUMN NAME="URL">hxxp://counter.wmail-service.com/v1/646D9ECF-CADA-4F26-8E58-E638A6891386?v=Downloads_Counter104</COLUMN>
      <COLUMN NAME="Status">Blocked</COLUMN>
      <COLUMN NAME="Detection">Internal blacklist</COLUMN>
      <COLUMN NAME="Application">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</COLUMN>
      <COLUMN NAME="User">TAMARA\tamar</COLUMN>
      <COLUMN NAME="IP address">2606:4700:3030::6815:456</COLUMN>
      <COLUMN NAME="Hash">F43D9BB316E30AE1A3494AC5B0624F6BEA1BF054</COLUMN>
    </RECORD>
  </LOG>

Edited May 27, 2022 by Adriana

Administrators Marcos 5,259 Posted May 27, 2022

Please provide logs collected with ESET Log Collector for a start.

Adriana 0 Posted May 27, 2022 Author

eis_logs.zip

itman 1,746 Posted May 27, 2022 (edited)

A number of postings about this malware on the MalwareBytes forum; i.e. rogue scheduled task:

Quote:
  The rogue scheduled task that was the source of the whole matter has been removed, along with the associated sub-folders. This was a misuse (a rogue use) of a Microsoft VBS file through the exploitation of PowerShell for the purpose of coin-mining (it is thought). One may describe it as an obfuscated scheduled task. The one that was on this machine is pretty much similar to the others I have dealt with.

https://forums.malwarebytes.com/topic/286466-wmail-servicecom-riskware-blocked-powershellexe/?do=findComment&comment=1515334

Edited May 28, 2022 by itman

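Added example, not part of the thread and not ESET or Malwarebytes tooling: a read-only PowerShell check for the kind of scheduled task described in the quote above, listing every task whose action launches a script host. The list of script hosts and the use of the \Microsoft\ task path as a sorting hint are assumptions of this example.

```powershell
# Added example: list scheduled tasks whose action starts a script host.
# Read-only. Run from an elevated PowerShell prompt so all tasks are visible.

# Script interpreters to look for (an assumption of this example; adjust as needed).
$scriptHosts = 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "exec" actions have an Execute property; COM-handler actions do not.
        if (-not $action.Execute) { continue }

        # Expand variables such as %windir%, strip quotes, then take the file name.
        $exe  = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        $leaf = Split-Path -Path $exe -Leaf
        if ($scriptHosts -notcontains $leaf) { continue }   # case-insensitive match

        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        [pscustomobject]@{
            TaskPath         = $task.TaskPath
            TaskName         = $task.TaskName
            State            = $task.State
            Author           = $task.Author
            Execute          = $exe
            Arguments        = $action.Arguments
            LastRunTime      = $info.LastRunTime
            # Most built-in Windows tasks live under \Microsoft\; review others first.
            NonMicrosoftPath = $task.TaskPath -notlike '\Microsoft\*'
        }
    }
}

# Show tasks outside \Microsoft\ first, with full (untruncated) arguments.
$findings | Sort-Object NonMicrosoftPath -Descending | Format-List
```

A task that was not knowingly installed, or whose Arguments value is long and unreadable, is the one to compare against the application and time shown in the ESET log record.
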
Administrators Marcos 5,259 Posted May 28, 2022

Please make sure to enable:
- detection of potentially unsafe applications
- the LiveGrid Feedback system

Adriana 0 Posted May 28, 2022 Author

I enabled the settings you mentioned.

itman 1,746 Posted May 28, 2022

6 hours ago, Adriana said:
  I enabled the settings you mentioned.

Have the ESET alerts stopped?

Adriana 0 Posted May 28, 2022 Author

They have! Thanks for the assistance.