Is my Windows PowerShell also infected?


Clark_y

My friend was using my laptop and he clicked on a Microsoft Word file, and Windows Defender said that it was a threat, so we immediately scanned it. He did not open the Word file, and I deleted the Word file as well as the stated affected file in Windows Defender.


Here's the status in the protection history




After that, I decided to check Event Viewer to see what was going on, and I saw this in the log:


Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:


Name: Trojan:Win32/Emotet.ARJ!MTB

ID: 2147747854

Severity: Severe

Category: Trojan

Path: file:_C:\Users\Mom Dad\AppData\Local\Temp\oFFIce2019\R_o2c8hj4.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: Real-Time Protection

User: LAPTOP-H1FST728\Mom Dad

Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Security intelligence Version: AV: 1.321.2085.0, AS: 1.321.2085.0, NIS: 1.321.2085.0

Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4


I see in the Process Name that it's PowerShell? Does that mean it's infected? Another warning states that the Process Name was unknown:

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:


Name: Trojan:Win32/Emotet.VC!MTB

ID: 2147757854

Severity: Severe

Category: Trojan

Path: file:_C:\Users\Mom Dad\AppData\Local\Temp\oFFIce2019\R_o2c8hj4.exe

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

User: LAPTOP-H1FST728\Mom Dad

Process Name: Unknown

Security intelligence Version: AV: 1.321.2085.0, AS: 1.321.2085.0, NIS: 1.321.2085.0

Engine Version: AM: 1.1.17300.4, NIS: 1.1.17300.4


What should I do? I also hope I can solve this "remediation incomplete" problem in protection history.
