How do I cleanse a system of this infection?

RobM

I get that this is probably something bad trying to run a PowerShell script, but how do I know what the offender is and how do I clean it?


F-Secure Protection Service for Business has identified the following security incidents:

Time;Account;Host;Infection;Action;Type;Infected Object;Infected Object SHA1
Thu, 23 August 2018 20:21:06 UTC;MyCompany-internal;FLT-20;Exploit:W32/PowerShellStager.B!DeepGuard;Blocked;File;c:\windows\syswow64\windowspowershell\v1.0\powershell.exe;04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d

Comments

  • fedool

    Hello,


    The detection is for blocking stagers from dropping or downloading their stage. So in usual cases, there should not be anything to clean except to delete or not to visit the document or website that triggered the detection.


    If the detection is recurring, it might be a sign that there was a file-less persistence that got past our defenses or some script is running and doing that.


    I will try to figure out if there is some log you can use to detect what initiates this detection.
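A triage helper for the export layout quoted in the question, added here as an example and not code from F-Secure or from either poster: it parses the semicolon-separated incident lines, flags a host whose detection recurs (the sign of persistence the reply points to), and notes when the reported SHA1 belongs to the script host itself rather than to the blocked payload. The sample export, the second host, the extra timestamps and the recurrence threshold are constructed for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample in the header layout from the post; only the first
# record mirrors the real alert, the other two are made up for illustration.
SAMPLE_EXPORT = """Time;Account;Host;Infection;Action;Type;Infected Object;Infected Object SHA1
Thu, 23 August 2018 20:21:06 UTC;MyCompany-internal;FLT-20;Exploit:W32/PowerShellStager.B!DeepGuard;Blocked;File;c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe;04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d
Fri, 24 August 2018 08:02:11 UTC;MyCompany-internal;FLT-20;Exploit:W32/PowerShellStager.B!DeepGuard;Blocked;File;c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe;04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d
Fri, 24 August 2018 08:03:40 UTC;MyCompany-internal;FLT-07;Exploit:W32/PowerShellStager.B!DeepGuard;Blocked;File;c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe;0000000000000000000000000000000000000000
"""

TIME_FORMAT = "%a, %d %B %Y %H:%M:%S UTC"  # matches "Thu, 23 August 2018 20:21:06 UTC"
# Script interpreters that appear as the "Infected Object" for stager blocks:
# their hash identifies the legitimate host binary, not the stager content.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def parse_incidents(text):
    """Parse the semicolon-separated export into dicts, adding a datetime 'when'."""
    rows = []
    for row in csv.DictReader(StringIO(text), delimiter=";"):
        row["when"] = datetime.strptime(row["Time"], TIME_FORMAT)
        rows.append(row)
    return rows

def triage(text, recurring_threshold=2):
    """Group detections per (host, infection); recurring ones warrant a persistence hunt."""
    groups = defaultdict(list)
    for row in parse_incidents(text):
        groups[(row["Host"], row["Infection"])].append(row)
    report = []
    for (host, infection), rows in sorted(groups.items()):
        rows.sort(key=lambda r: r["when"])
        binary = rows[-1]["Infected Object"].lower().rsplit("\\", 1)[-1]
        report.append({
            "host": host,
            "infection": infection,
            "count": len(rows),
            "first": rows[0]["when"],
            "last": rows[-1]["when"],
            "recurring": len(rows) >= recurring_threshold,
            "hash_is_script_host": binary in SCRIPT_HOSTS,
        })
    return report

if __name__ == "__main__":
    for entry in triage(SAMPLE_EXPORT):
        print(entry)
```

A host marked recurring is the case the reply describes: the block keeps firing, so the thing to look for is whatever re-launches the script host (scheduled tasks, services, autoruns, WMI subscriptions, documents that are reopened), not the hashed powershell.exe.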
