Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Operative Memory Trojan - powershell.exe

  • Please log in to reply
1 reply to this topic

#1 JerichoRedman


  • Members
  • 1 posts
  • Local time:11:28 PM

Posted 23 August 2016 - 03:52 PM

Hi. This is my first time reaching out for help, since I couldn't find any solutions to my problem.

Pretty straightforward. Got infected (lord knows how, I know my way around well enough to avoid stuff like this) by a trojan. It's targeting my operative memory, making my PC considerably slower; something I already noticed by now, and it's escalating quickly. Infection threat message goes roughly like this:

"Operative Memory = powershell.exe(2862) - a Win64/TrojanDonwloader.Agent.w trojan variant"

My antivirus says it's been removed. But every time I run the scanner, it still says I'm infected. Still receiving infection threat notification messages every time I start up Windows. So, I'm quite at a loss here, since I've never been infected by a trojan before and the antivirus won't disinfect it. Some of my specs are:

Windows 7 Ultimate 64 bits, SP1
Core i7-3537U 2.00-2.50 GHz
8GB Ram

Any help would be appreciated as to what to do. Thanks in advance.

BC AdBot (Login to Remove)


#2 Broni


    The Coolest BC Computer

  • BC Advisor
  • 42,735 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:28 PM

Posted 23 August 2016 - 09:20 PM

Welcome aboard p22002758.gif


Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.

2. Read the terms of the End-user license agreement and click Agree.

3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.


4. If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.


The tool will produce a log in the same directory the tool was run from.

Please copy and paste the log in your next reply.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users