Solved Windows Powershell randomly popping up, MBytes blocking outbound comm

Glockwork Orange (New Member, thread author), Czech Republic
Feb 20, 2017
Hi,

please see the info above. MBytes blocked communication marked as "macrosoftman[.]info" which I tracked to the following site: https://www.cybereason.com/the-dawn-of-sophisticated-powershell-adware-campaigns/

And also to another user's post that had a solution but it was marked as individual and potentially dangerous and/or not working for another system, so I am asking for help myself as well.

Thanks in advance.
 

Attachments

Hello,


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the [image: 4zu6vb.jpg] icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 
Thanks Blondie.

I ran it, it found a whole bunch of stuff that the FRST report pointed out. Attaching the report of Zemana and I also ran a new report of FRST in case it's of any interest.

I cannot confirm right away if it had helped or not (the PowerShell popups are rather random).
 

Attachments

Please remove this from your Control Panel:
DNS Unlocker (HKLM-x32\...\DNSUnlocker.ns) (Version: - ) <==== ATTENTION


And let me know if everything is okay now.
 
Hi again,

I seem to be unable to remove it from the Control Panel. I think I may have deleted it manually some time ago, so the files don't actually exist on my drive (when I try to click Uninstall in CP, it says it could not find the uninstall.exe in a folder that, well, does not exist anymore).

I suppose I should manually remove its entry in the registry?
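The situation described in the last post, a Control Panel entry whose uninstaller no longer exists on disk, is what FRST flags as an orphaned uninstall key. The script below is an added example and is not part of the thread, not FRST, and not Zemana; it lists uninstall entries under the 64-bit, 32-bit (the `WOW6432Node` hive, shown as `HKLM-x32` in FRST output) and per-user Uninstall keys whose `UninstallString` points to a missing executable. It is read-only by default; deletion is opt-in through `-Remove` and honours `-WhatIf` / `-Confirm`. The parameter names and the helper function are this example's own inventions.

```powershell
# Added example (not from the thread): find Control Panel uninstall entries whose
# uninstaller executable is gone, which is what an orphaned entry like the
# "DNSUnlocker.ns" one above looks like. Run from an elevated PowerShell prompt.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$NameFilter = '*',   # wildcard on DisplayName, e.g. 'DNS*'
    [switch]$Remove              # delete matches (use -WhatIf first)
)

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # 64-bit apps
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps ("HKLM-x32" in FRST)
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

# Extract the executable path from an UninstallString. Handles both the quoted form
# "C:\dir\uninstall.exe" /S and the unquoted form C:\dir\uninstall.exe /S.
function Get-UninstallExecutable {
    param([string]$UninstallString)
    if ([string]::IsNullOrWhiteSpace($UninstallString)) { return $null }
    if ($UninstallString -match '^\s*"([^"]+)"')       { return $Matches[1] }
    if ($UninstallString -match '^\s*([^\s]+\.exe)')    { return $Matches[1] }
    return $null
}

$orphans = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if (-not $props.DisplayName -or $props.DisplayName -notlike $NameFilter) { return }
        $exe = Get-UninstallExecutable -UninstallString $props.UninstallString
        # Only report entries whose uninstaller path is known and no longer exists.
        if ($exe -and -not (Test-Path -LiteralPath $exe)) {
            [pscustomobject]@{
                DisplayName     = $props.DisplayName
                Key             = $_.Name            # full key name, e.g. HKEY_LOCAL_MACHINE\SOFTWARE\...
                UninstallString = $props.UninstallString
                MissingFile     = $exe
            }
        }
    }
}

$orphans | Format-Table -AutoSize

if ($Remove) {
    foreach ($o in $orphans) {
        # ShouldProcess makes -WhatIf print the action and -Confirm prompt before deleting.
        if ($PSCmdlet.ShouldProcess($o.Key, "Remove orphaned uninstall entry '$($o.DisplayName)'")) {
            Remove-Item -Path ("Registry::" + $o.Key) -Recurse
        }
    }
}
```

Saved as `Find-OrphanedUninstall.ps1`, a dry run for the entry in this thread would be `.\Find-OrphanedUninstall.ps1 -NameFilter 'DNS*' -Remove -WhatIf`, which prints what would be deleted without touching the registry; drop `-WhatIf` only after reviewing the listed key. Exporting the key first (`reg export "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\<key>" backup.reg`) gives a way back if the wrong entry is selected. Removing the Uninstall key only cleans the Control Panel listing; it does not remove any scheduled task, service or startup entry the adware may have left, so the FRST log remains the place to check for those.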