Adriana, posted May 27 (edited May 27):

See title. How do I stop this? I attached a screenshot down below. And here is the log:

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">27/05/2022 15:55:20</COLUMN>
      <COLUMN NAME="URL">hxxp://counter.wmail-service.com/v1/646D9ECF-CADA-4F26-8E58-E638A6891386?v=Downloads_Counter104</COLUMN>
      <COLUMN NAME="Status">Blocked</COLUMN>
      <COLUMN NAME="Detection">Internal blacklist</COLUMN>
      <COLUMN NAME="Application">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</COLUMN>
      <COLUMN NAME="User">TAMARA\tamar</COLUMN>
      <COLUMN NAME="IP address">2606:4700:3030::6815:456</COLUMN>
      <COLUMN NAME="Hash">F43D9BB316E30AE1A3494AC5B0624F6BEA1BF054</COLUMN>
    </RECORD>
  </LOG>

Marcos (Administrators), posted May 27:

Please provide logs collected with ESET Log Collector for a start.

Adriana, posted May 27:

eis_logs.zip

itman, posted May 27 (edited May 28):

A number of postings about this malware on the MalwareBytes forum; i.e. rogue scheduled task:

Quote:
    The rogue scheduled task that was the source of the whole matter has been removed, along with the associated sub-folders. This was a misuse (a rogue use) of a Microsoft VBS file through the exploitation of powershell for the purpose of coin-mining (it is thought). One may describe it as an obfuscated scheduled task. The one that was on this machine is pretty much similar to the others I have dealt with.

https://forums.malwarebytes.com/topic/286466-wmail-servicecom-riskware-blocked-powershellexe/?do=findComment&comment=1515334

Marcos (Administrators), posted May 28:

Please make sure to enable:
- detection of potentially unsafe applications
- the LiveGrid Feedback system

Adriana, posted May 28:

I enabled the settings you mentioned.

itman, posted May 28:

Quote (6 hours ago, Adriana said):
    I enabled the settings you mentioned.

Have the Eset alerts stopped?

Adriana, posted May 28:

They have! Thanks for the assistance.
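
Added example (not part of the thread and not ESET's code): a Python triage of an XML log export shaped like the one in the first post, counting blocked requests made by script interpreters such as powershell.exe, which is the pattern the rogue scheduled task produced here. The sample log, its placeholder domains and the SCRIPT_HOSTS list are constructed assumptions; records are parsed one at a time because the posted export has no closing </ESET> tag.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit

# Assumed list of interpreters whose blocked web requests deserve a closer look.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample in the shape of the posted log (placeholder domains and paths).
# Like the posted log it has no closing </ESET> tag.
SAMPLE = r"""<?xml version="1.0" encoding="utf-8" ?>
<ESET> <LOG>
<RECORD> <COLUMN NAME="URL">hxxp://counter.example.test/v1/ID-1?v=1</COLUMN>
 <COLUMN NAME="Status">Blocked</COLUMN>
 <COLUMN NAME="Application">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</COLUMN> </RECORD>
<RECORD> <COLUMN NAME="URL">hxxp://counter.example.test/v1/ID-1?v=2</COLUMN>
 <COLUMN NAME="Status">Blocked</COLUMN>
 <COLUMN NAME="Application">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</COLUMN> </RECORD>
<RECORD> <COLUMN NAME="URL">https://ads.example.test/banner</COLUMN>
 <COLUMN NAME="Status">Blocked</COLUMN>
 <COLUMN NAME="Application">C:\Program Files\Browser\browser.exe</COLUMN> </RECORD>
</LOG>"""

def parse_records(text):
    """Return one dict per <RECORD>, parsing each separately so a truncated export still loads."""
    records = []
    for block in re.findall(r"<RECORD>.*?</RECORD>", text, flags=re.S):
        columns = ET.fromstring(block).iter("COLUMN")
        records.append({c.get("NAME"): (c.text or "").strip() for c in columns})
    return records

def script_host_hits(records):
    """Count blocked requests per (interpreter, host) made by script-host processes."""
    hits = Counter()
    for rec in records:
        exe = rec.get("Application", "").rsplit("\\", 1)[-1].lower()
        if rec.get("Status") != "Blocked" or exe not in SCRIPT_HOSTS:
            continue
        url = re.sub(r"^hxxp", "http", rec.get("URL", ""), flags=re.I)  # undo defanging
        hits[(exe, urlsplit(url).hostname or "?")] += 1
    return hits

if __name__ == "__main__":
    for (exe, host), n in script_host_hits(parse_records(SAMPLE)).items():
        print(f"{exe} -> {host}: {n} blocked request(s)")
```

Repeated hits from an interpreter to the same host point to something relaunching it on a schedule, which is where the scheduled task mentioned in the thread would show up.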