jasonphilip 0 Posted June 27, 2022 Posted June 27, 2022 Hello guys please help me, A threat found called powershell/psw.coinstealer.b Below is a screenshot of the threat detected. It says threat removed. The Access has been blocked But these threats kept coming more often especially every time I log on to my computer.
Administrators Marcos 5,452 Posted June 27, 2022 Administrators Posted June 27, 2022 Please provide logs collected with ESET Log Collector for a start. jasonphilip 1
sharif 0 Posted June 27, 2022 Posted June 27, 2022 hi I got same issue . And here is my logs Thank you eis_logs.zip
Administrators Marcos 5,452 Posted June 27, 2022 Administrators Posted June 27, 2022 1 hour ago, sharif said: hi I got same issue . And here is my logs Launch Windows Scheduler and delete the tasks: Microsoft\Windows\GCRKUz Microsoft\Windows\6SIGrU Microsoft\Windows\Ewcds Should the detection continue after a reboot, delete the following reg. values and reboot the machine: HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19276D93-5626-465C-BA0F-B9E9E1CEA783} HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{881DD363-FE8C-4900-9E1A-AC7DF2648DA3} HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA604B1C-8958-41F1-AD76-55ABC3C51C4B}
jasonphilip 0 Posted June 28, 2022 Author Posted June 28, 2022 Hello apologies for the late reply. Here is my log eis_logs.zip
Administrators Solution Marcos 5,452 Posted June 28, 2022 Administrators Solution Posted June 28, 2022 11 minutes ago, jasonphilip said: Hello apologies for the late reply. Here is my log Please launch Windows Scheduler and delete the following task and reboot the machine: Microsoft\Windows\eFECya Should the problem persist, delete the following registry value and reboot the machine: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24444D6-714D-4331-AC2B-CE934A3A0CAE} I'd also recommend enabling detection of potentially unsafe applications as well as the LiveGrid Feedback system for maximum protection. jasonphilip 1
Recommended Posts