I keep getting constant "Address has been blocked" notifications

[Adriana 0]

See title. How do I stop this?

I attached a screenshot down below. And here is the log:

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">27/05/2022 15:55:20</COLUMN>
      <COLUMN NAME="URL">hxxp://counter.wmail-service.com/v1/646D9ECF-CADA-4F26-8E58-E638A6891386?v=Downloads_Counter104</COLUMN>
      <COLUMN NAME="Status">Blocked</COLUMN>
      <COLUMN NAME="Detection">Internal blacklist</COLUMN>
      <COLUMN NAME="Application">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</COLUMN>
      <COLUMN NAME="User">TAMARA\tamar</COLUMN>
      <COLUMN NAME="IP address">2606:4700:3030::6815:456</COLUMN>
      <COLUMN NAME="Hash">F43D9BB316E30AE1A3494AC5B0624F6BEA1BF054</COLUMN>
    </RECORD>
 </LOG>

 

Edited May 27, 2022 by Adriana

[Marcos 4,539]

Please provide logs collected with ESET Log Collector for a start.

[Adriana 0]

eis_logs.zip

[itman 1,495]

A number of postings about this malware on the MalwareBytes forum; i.e. rogue scheduled task:

Quote

The rogue scheduled task that was the source of the whole matter has been removed, along with the associated sub-folders. This was a mis-use ( a rogue use) of a Microsoft VBS file thru the exploitation of powershell for the purpose of coin-mining ( it is thought). One may describe it as a obfuscated scheduled task. The one that was on this machine is pretty much similar to the others I have dealt with.

https://forums.malwarebytes.com/topic/286466-wmail-servicecom-riskware-blocked-powershellexe/?do=findComment&comment=1515334

Edited May 28, 2022 by itman

[Marcos 4,539]

Please make sure to enable:
- detection of potentially unsafe applications
- the LiveGrid Feedback system

[Adriana 0]

I enabled the settings you mentioned.

[itman 1,495]

6 hours ago, Adriana said:

I enabled the settings you mentioned.

Have the Eset alerts stopped?

[Adriana 0]

They have! Thanks for the assistance.