benny_thom 0 Posted November 23, 2023 Share Posted November 23, 2023 Hello, looking for some help on this. Ive had this popping up accross all domain PC's over the last 48 hours. Is this some random scheduled task false positive issue or something to be concerned about? Ive had a look through task scheduler but nothing is lining up time-wise. I can grab full logs if thats whats needed. Appriciate any help. Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 24/11/2023 8:08:01 am;Command line scanner;file;c:\windows\system32\windowspowershell\v1.0\powershell.exe;BAT/TrojanDownloader.Agent.PBO trojan;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred while attempting to run the following command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule;DC6F7F8D8E57105E797EF80742B41A1F5EE190CE; Link to comment Share on other sites More sharing options...
Administrators Marcos 5,085 Posted November 23, 2023 Administrators Share Posted November 23, 2023 You can restore the file, it was a false positive which has been fixed. Link to comment Share on other sites More sharing options...
benny_thom 0 Posted November 24, 2023 Author Share Posted November 24, 2023 I dont believe its actually deleting a file, so there is nothing to restore, powershell and svchost arent going anywhere, . If its a false positive, I dont want to add as an exeception as that flags the path (powershell) and the detection, what if the same detection came up that wasnt a false positive? How do I flag the sheduled task (or whatever it is) thats causing this as a false positive in the first place? And firstly how do I even know it is? Surely I can dig into whats causing this specifically and resolve it. Otherwise im gonna keep recieving notifications that its cleaned, im in the 100's of these accross my machines. Link to comment Share on other sites More sharing options...
Recommended Posts