
Operative Memory Trojan - powershell.exe



#1 JerichoRedman


Posted 23 August 2016 - 03:52 PM

Hi. This is my first time reaching out for help, since I couldn't find any solutions to my problem.

Pretty straightforward. Got infected (lord knows how, I know my way around well enough to avoid stuff like this) by a trojan. It's targeting my operative memory, making my PC considerably slower; something I already noticed by now, and it's escalating quickly. Infection threat message goes roughly like this:

"Operative Memory = powershell.exe(2862) - a Win64/TrojanDownloader.Agent.w trojan variant"

My antivirus says it's been removed. But every time I run the scanner, it still says I'm infected. Still receiving infection threat notification messages every time I start up Windows. So, I'm quite at a loss here, since I've never been infected by a trojan before and the antivirus won't disinfect it. Some of my specs are:

Windows 7 Ultimate 64 bits, SP1
Core i7-3537U 2.00-2.50 GHz
8GB Ram
ESET NOD32 9

Any help would be appreciated as to what to do. Thanks in advance.





#2 Broni


Posted 23 August 2016 - 09:20 PM

Welcome aboard

 

Please download Powelikscleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.

2. Read the terms of the End-user license agreement and click Agree.

3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.


4. If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.


The tool will produce a log in the same directory the tool was run from.

Please copy and paste the log in your next reply.

