Jump to content

powershell/psw.coinstealer.b


Go to solution Solved by Marcos,

Recommended Posts

Posted

Hello guys please help me,

A threat found called powershell/psw.coinstealer.b

Below is a screenshot of the threat detected.

It says threat removed. The Access has been blocked

But these threats kept coming more often especially every time I log on to my computer.

Capture.PNG

  • Administrators
Posted
1 hour ago, sharif said:

hi I got same issue . And here is my logs

Launch Windows Scheduler and delete the tasks:

Microsoft\Windows\GCRKUz
Microsoft\Windows\6SIGrU
Microsoft\Windows\Ewcds

Should the detection continue after a reboot, delete the following reg. values and reboot the machine:

HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19276D93-5626-465C-BA0F-B9E9E1CEA783}
HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{881DD363-FE8C-4900-9E1A-AC7DF2648DA3}
HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA604B1C-8958-41F1-AD76-55ABC3C51C4B}

  • Administrators
  • Solution
Posted
11 minutes ago, jasonphilip said:

Hello apologies for the late reply. Here is my log

Please launch Windows Scheduler and delete the following task and reboot the machine:
Microsoft\Windows\eFECya

Should the problem persist, delete the following registry value and reboot the machine:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24444D6-714D-4331-AC2B-CE934A3A0CAE}

I'd also recommend enabling detection of potentially unsafe applications as well as the LiveGrid Feedback system for maximum protection.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...