
How do I cleanse a system of this infection?

RobM Posts: 11 Security Scout

I get that this is probably something bad trying to run a PowerShell script, but how do I know what the offender is and how do I clean it?


F-Secure Protection Service for Business has identified the following security incidents:

Time: Thu, 23 August 2018 20:21:06 UTC
Account: MyCompany-internal
Host: FLT-20
Infection: Exploit:W32/PowerShellStager.B!DeepGuard
Action: Blocked
Type: File
Infected Object: c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
Infected Object SHA1: 04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d

Comments

  • fedool Posts: 162 Threat Terminator

    Hello,


    The detection is for blocking stagers from dropping or downloading their stage. So in the usual case there should not be anything to clean, except to delete, or not revisit, the document or website that triggered the detection.


    If the detection is recurring, it might be a sign that there is file-less persistence that got past our defenses, or that some script is running and doing that.


    I will try to figure out if there is some log you can use to detect what initiates this detection.
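The triage that fedool's reply points at (finding what keeps launching powershell.exe when the detection recurs, and whether file-less persistence is behind it) can be done with the host's own logs and persistence locations. The script below is an added example for this thread; it is not from the original post, from fedool, or from F-Secure. It assumes it is run elevated on the host named in the detection (FLT-20), that the detection timestamp from the post is the time of interest, and that the indicator list and the ten-minute window are this example's own choices. Event 4104 requires PowerShell script block logging to be enabled, and event 4688 requires process creation auditing with command-line inclusion; where those are off, those two sections simply return nothing.

```powershell
# Added triage script (not from the original thread or F-Secure): run elevated on the host
# that raised the detection to look for what initiates powershell.exe. Detection time is
# taken from the post; the indicators and the time window are assumptions for this example.

$DetectionTime = [datetime]::Parse('2018-08-23T20:21:06Z').ToUniversalTime()
$Window        = [timespan]::FromMinutes(10)

# Command-line fragments typical of stagers: encoded payloads, hidden windows, in-memory download/execute.
$Indicators = @('-enc', '-encodedcommand', '-w hidden', '-windowstyle hidden', 'frombase64string',
                'downloadstring', 'downloadfile', 'iex', 'invoke-expression', 'bypass', '-nop')

function Test-Suspicious([string]$Text) {
    if (-not $Text) { return $false }
    $lower = $Text.ToLowerInvariant()
    foreach ($i in $Indicators) { if ($lower.Contains($i)) { return $true } }
    return $false
}

$Findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Source, $Name, $Detail) {
    $Findings.Add([pscustomobject]@{ Source = $Source; Name = $Name; Detail = $Detail })
}

# 1. Scheduled tasks that launch PowerShell: a common way to re-trigger a stager after reboot.
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match 'powershell|pwsh' -or (Test-Suspicious $cmd)) {
            Add-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd
        }
    }
}

# 2. Run / RunOnce autostart values for the machine and the current user.
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the registry provider's own metadata properties
        $val = [string]$p.Value
        if ($val -match 'powershell|pwsh' -or (Test-Suspicious $val)) {
            Add-Finding 'RunKey' "$key\$($p.Name)" $val
        }
    }
}

# 3. WMI permanent event subscriptions: file-less persistence that survives reboots with nothing on disk.
$ns = 'root\subscription'
foreach ($c in Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue) {
    Add-Finding 'WMIConsumer' $c.Name $c.CommandLineTemplate
}
foreach ($c in Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer -ErrorAction SilentlyContinue) {
    Add-Finding 'WMIConsumer' $c.Name $c.ScriptText
}
foreach ($f in Get-CimInstance -Namespace $ns -ClassName __EventFilter -ErrorAction SilentlyContinue) {
    Add-Finding 'WMIFilter' $f.Name $f.Query
}

# 4. Script block logging (event 4104) around the detection time: records the script text itself.
$sbl = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = ($DetectionTime - $Window).ToLocalTime()
    EndTime   = ($DetectionTime + $Window).ToLocalTime()
} -ErrorAction SilentlyContinue
foreach ($e in $sbl) {
    $text = [string]$e.Properties[2].Value   # property index 2 of 4104 is ScriptBlockText
    if (Test-Suspicious $text) {
        $preview = $text.Substring(0, [Math]::Min(200, $text.Length))
        Add-Finding 'ScriptBlock' $e.TimeCreated.ToUniversalTime().ToString('u') $preview
    }
}

# 5. Process creation audits (event 4688) in the same window: the parent process is the initiator.
$proc = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4688
    StartTime = ($DetectionTime - $Window).ToLocalTime()
    EndTime   = ($DetectionTime + $Window).ToLocalTime()
} -ErrorAction SilentlyContinue
foreach ($e in $proc) {
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d['NewProcessName'] -match 'powershell\.exe$') {
        Add-Finding 'ProcessCreate' $d['ParentProcessName'] $d['CommandLine']
    }
}

$Findings | Format-Table -AutoSize -Wrap
```

Sections 1 to 3 answer "is there persistence": a task, Run value or WMI consumer that references powershell.exe or an encoded command is the thing to remove, not powershell.exe itself, which is a legitimate Windows binary (the SHA1 in the post is that of the system executable, and DeepGuard blocks its behaviour rather than the file). Sections 4 and 5 answer "what started it this time": the parent process in 4688, or a script block with a download-and-execute pattern, points at the document, browser or service that triggered the stager.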

This discussion has been closed.
