How to stop Powershell from executing remote commands

Page 2 of 2 FirstFirst 12

  1. Posts : 43
    Windows 10 Pro
    Thread Starter
       #11

    Scan is still going on.
    There were detected trojans which were all in
    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extension folder

    I checked all of them and they were all unrelated to any extensions.

    C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions folder is fine and unaffected.

    I checked on another computer and there was no 'Extension' folder, only 'Extensions'.
    At least we identified a big part of the problem.
    (Apparently this trojan affects chromium based browsers according to what I read on the internet)

    Now, after the scan and cleaning finishes, I am thinking to refresh Edge, though my Edge sync is on.
    The other sync computer is unaffected. So, I am thinking to try to refresh Edge and turn on sync again.
    (Suggestions welcome)

    Will report again.
    Thanks.
      My Computer


  2. Posts : 17,092
    Windows 10 Home x64 Version 22H2 Build 19045.4894
       #12

    What are you scanning with that is taking you this long?

    Denis
      My Computer


  3. Posts : 43
    Windows 10 Pro
    Thread Starter
       #13

    Scan finished. (Malware Bytes)
    I removed all the items (Extension folder in Edge, some registry items related to tasks)
    I restarted the computer and now doing a second scan.
    So far no events in the event log (Powershell Operational) after the restart. And 'Extension' folder is not created again.

    Current conclusion is the trojan infected Edge (apparently it affects chromium based browsers) and hid itself in the Extension folder and registry.
    I read that it hides itself in log files too, but there were no items detected other than Extension folder and some registry items.
    Second scan has not detected anything yet and hopefully, it is the end of this virus.

    P.S.: When I say 'Extension folder, I mean 'Extension' folder, not 'Extensions'. Apaarently, the trojan created the 'Extension' folder which does not exist in Edge.
      My Computer


  4. Posts : 17,092
    Windows 10 Home x64 Version 22H2 Build 19045.4894
       #14

    IMayNeed said:
    this is an unsecured wireless network
    Just to give you some food for thought - I never connect to unsecured WiFi networks. Anybody could be connected to them and could be running amok & attacking other users as well as the network host.
    Why is using unsecured wifi so DANGEROUS that a VPN is necessary - TenForums
    What is a VPN And why you should use a VPN on public Wi-Fi - Norton

    IMayNeed said:
    several people has access to router configuration.
    I imagine you already limit the numbers with access so there's no point my suggesting that.

    All the best,
    Denis
      My Computer


  5. Posts : 17,092
    Windows 10 Home x64 Version 22H2 Build 19045.4894
       #15

    IMayNeed said:
    Scan finished. (Malware Bytes)
    I removed all the items (Extension folder in Edge, some registry items related to tasks)
    I restarted the computer and now doing a second scan.
    Sounds good.

    When you are happy that it's all cleaned up, you can decide which utility to have as your main defence
    - MS Defender
    - Malwarebytes.

    You can, if you wish, turn off the MWB trial using MWB's own settings [its Account tab].
    Defender should then automatically take over the job of real-time defence.

    Denis
      My Computer


  6. Posts : 43
    Windows 10 Pro
    Thread Starter
       #16

    I am not authorized to limit router access. And yes, the reason I wrote that was that attack could have come from the network.

    Thanks for the suggestions and help.
      My Computer


  7. Posts : 17,092
    Windows 10 Home x64 Version 22H2 Build 19045.4894
       #17

    Oh, and welcome to TenForums.

    It's really worth making time to browse through the Tutorial index - there's a shortcut to it at the top of every page.
    - At the foot of the Tutorial index is a shortcut to download it as a spreadsheet.
    - I download a new copy each month.
    - By downloading it as a spreadsheet I can benefit from Excel's excellent filtering capabilities when I search for topics of interest.
    - Tutorials are also listed by category at Tutorials - there's also a shortcut to that at the top of every page.
    - Both tutorial lists are searchable.
    - You can also search for TenForumsTutorials in many general search engines, such as Google, by adding site:tenforums.com/tutorials after your search term. For example,
    taskbar toolbars site:tenforums.com/tutorials

    You can search TenForums using the search box in the top-right corner of all TenForums webpages or using Advanced Search - TenForums
    - You can also search TenForums threads in many general search engines, such as Google, by adding site:tenforums.com after your search term. For example,
    Search for drivers by HardwareID site:tenforums.com
    - [This is what the search box in the top-right corner of TenForums webpages does automatically]



    All the best,
    Denis
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 16:48.
Find Us




Windows 10 Forums