Jump to content

powershell/psw.coinstealer.b


Go to solution Solved by Marcos,

Recommended Posts

Hello guys please help me,

A threat found called powershell/psw.coinstealer.b

Below is a screenshot of the threat detected.

It says threat removed. The Access has been blocked

But these threats kept coming more often especially every time I log on to my computer.

Capture.PNG

Link to comment
Share on other sites

  • Administrators
1 hour ago, sharif said:

hi I got same issue . And here is my logs

Launch Windows Scheduler and delete the tasks:

Microsoft\Windows\GCRKUz
Microsoft\Windows\6SIGrU
Microsoft\Windows\Ewcds

Should the detection continue after a reboot, delete the following reg. values and reboot the machine:

HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19276D93-5626-465C-BA0F-B9E9E1CEA783}
HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{881DD363-FE8C-4900-9E1A-AC7DF2648DA3}
HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA604B1C-8958-41F1-AD76-55ABC3C51C4B}

Link to comment
Share on other sites

  • Administrators
  • Solution
11 minutes ago, jasonphilip said:

Hello apologies for the late reply. Here is my log

Please launch Windows Scheduler and delete the following task and reboot the machine:
Microsoft\Windows\eFECya

Should the problem persist, delete the following registry value and reboot the machine:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24444D6-714D-4331-AC2B-CE934A3A0CAE}

I'd also recommend enabling detection of potentially unsafe applications as well as the LiveGrid Feedback system for maximum protection.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...