Then, thanks to Avast, I found this "1.vbs" file in the "C:\ProgramsData\Windows\Profile" folder. Before some moment (I don't know before exactly which one). But they have been created again and again. But I didn't find "1.vbs" anywhere on the HDD. Also in this path I found WinSAT and WinDAT tasks (about the last name I'm not exactly sure - maybe WinDNS or something like this). I found that this script is called by the scheduled task WinNAT from the "\Microsoft\Windows\Maintenance\" path in the Task Scheduler library. Some time ago a strange message began to appear about "1.vbs file not found" every 10 min. I began to repeatedly get messages about my "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe". Avast identifies it as 12 and as Script:SNH-gen. 698) with virus definitions vers - 211029-0) on my home PC under Win10 (last updates). I made the same thread today, but I'll move it here.

A powershell command file/script in itself may be considered nothing more than a text file with the commands inside it. Following on from your first post and my reply, it is strange that nothing was quarantined. More so if you (or a file/program, etc.) aren't knowingly running a powershell script, then that activity is more suspect. So it is just the actions it is trying to carry out which Avast considers suspect. If you ran a manual scan on the powershell.exe file in the location given by the alert (as I did) you are likely to get the same result as I did, clean. It is this act that I feel Avast's Behaviour Shield doesn't like. Powershell.exe would normally sit dormant until a script/file to run powershell commands (is executed by) powershell.exe could be malicious. Note that I'm an avast user just like yourself, not an avast team member. I have never needed to run powershell scripts so I'm not familiar with the process, so I'm afraid someone more knowledgeable than I would have to give that.