

I discovered an infection on my Win10 PC the other day when something I never heard of called AnyDesk popped up while I was browsing the internet and Windows Firewall asked about permissions. I discovered that it had installed itself to my Roaming folder. After deleting the folder and running a scan with Windows Defender, I discovered something had added Roaming and various extensions like .bat to Defender's Exclusion list to make it skip over scanning those things. I think trying to delete the Exclusions triggered Defender to disable. I got Defender to find a trojan and/or suspicious file (something like test20.bat or test10.bat). The Roaming folder contained suspicious files like "new.bat", which I changed to .txt to avoid executing, and looked at in Notepad. It had code to use PowerShell to download suspicious files from a sketchy domain.

Something hijacked my PowerShell and although I've scanned with anti-virus software (Windows Defender, Malwarebytes (trial), Microsoft Safety Scanner, and AdwCleaner), which caught and removed some trojans (but didn't detect some extremely suspicious files like an .exe that the attacking domain snuck onto my PC), I'm still concerned, especially when I check Event Viewer and see cryptic-sounding events involving PowerShell or logins. I'm not sure whether my system is still infected. I think it hijacked legit processes. Is there a way to secure PowerShell and check for potential damage the scans might've missed? I looked into enabling auditing for some files and folders to see if I could log events with more information to check for suspicious activity, but I don't understand how to make that work.
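
A read-only way to review the artifacts described in the post (Defender exclusions, PowerShell download activity, scripts under Roaming), given here as an added example that is not part of the original post. It assumes an elevated PowerShell prompt on Windows 10; the download-pattern list and the file extensions searched are illustrative choices, not taken from the post.

```powershell
# Added example: read-only triage checks. Run from an elevated PowerShell prompt,
# because exclusions are hidden from non-administrators.

# 1. Current Defender exclusions (the post describes Roaming and .bat being added).
$pref = Get-MpPreference
[pscustomobject]@{
    Paths      = $pref.ExclusionPath -join '; '
    Extensions = $pref.ExclusionExtension -join '; '
    Processes  = $pref.ExclusionProcess -join '; '
} | Format-List

# 2. Defender configuration-change events (ID 5007) that touch the Exclusions keys.
#    These show when an exclusion was added or removed.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Exclusions' } |
    Select-Object TimeCreated, Message |
    Format-List

# 3. PowerShell script block log entries (ID 4104) containing download calls.
#    The pattern list is an assumption; extend it as needed.
$pattern = 'DownloadFile|DownloadString|Invoke-WebRequest|Start-BitsTransfer'
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Select-Object TimeCreated, @{
        n = 'Script'
        e = { $_.Message.Substring(0, [Math]::Min(400, $_.Message.Length)) }
    } |
    Format-List

# 4. Script files anywhere under the Roaming profile folder, newest first.
Get-ChildItem -Path $env:APPDATA -Recurse -File `
    -Include *.bat, *.cmd, *.ps1, *.vbs, *.js -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object LastWriteTime, Length, FullName
```

Event 4104 records every script block only when the "Turn on PowerShell Script Block Logging" policy is enabled; without it, only blocks PowerShell itself flags as suspicious are logged, so an empty result in step 3 does not prove nothing ran.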
