jasonphilip 0 Posted June 27, 2022 Share Posted June 27, 2022 Hello guys please help me, A threat found called powershell/psw.coinstealer.b Below is a screenshot of the threat detected. It says threat removed. The Access has been blocked But these threats kept coming more often especially every time I log on to my computer. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted June 27, 2022 Administrators Share Posted June 27, 2022 Please provide logs collected with ESET Log Collector for a start. jasonphilip 1 Link to comment Share on other sites More sharing options...
sharif 0 Posted June 27, 2022 Share Posted June 27, 2022 hi I got same issue . And here is my logs Thank you eis_logs.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,143 Posted June 27, 2022 Administrators Share Posted June 27, 2022 1 hour ago, sharif said: hi I got same issue . And here is my logs Launch Windows Scheduler and delete the tasks: Microsoft\Windows\GCRKUz Microsoft\Windows\6SIGrU Microsoft\Windows\Ewcds Should the detection continue after a reboot, delete the following reg. values and reboot the machine: HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19276D93-5626-465C-BA0F-B9E9E1CEA783} HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{881DD363-FE8C-4900-9E1A-AC7DF2648DA3} HKLM\SOFTWARE\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA604B1C-8958-41F1-AD76-55ABC3C51C4B} Link to comment Share on other sites More sharing options...
jasonphilip 0 Posted June 28, 2022 Author Share Posted June 28, 2022 Hello apologies for the late reply. Here is my log eis_logs.zip Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,143 Posted June 28, 2022 Administrators Solution Share Posted June 28, 2022 11 minutes ago, jasonphilip said: Hello apologies for the late reply. Here is my log Please launch Windows Scheduler and delete the following task and reboot the machine: Microsoft\Windows\eFECya Should the problem persist, delete the following registry value and reboot the machine: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D24444D6-714D-4331-AC2B-CE934A3A0CAE} I'd also recommend enabling detection of potentially unsafe applications as well as the LiveGrid Feedback system for maximum protection. jasonphilip 1 Link to comment Share on other sites More sharing options...
jasonphilip 0 Posted June 28, 2022 Author Share Posted June 28, 2022 Thank you so much! Link to comment Share on other sites More sharing options...
Recommended Posts