Share via

How do i remove Trojan:PowerShell/Boxter.HGS!MTB ??

Nikola Reichlova 0 Reputation points
2025-12-26T09:20:17.4933333+00:00

Hello!! Trojan:PowerShell/Boxter.HGS!MTB Has been popping up in my defender lately and it blocks it for a minute and then comes back again, over and over and repeats it. I tried malware bytes scan but it didnt even flag it. What do i do?

amsi: \Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Microsoft Security | Microsoft Defender | Other

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Xavi 5 Reputation points
    2025-12-27T16:15:11.4166667+00:00

    Hi! Did all work? If not i had the same Problem today, and i managed to delete it. Here are the steps: (Please before you start following the steps, Read everything 1 Time, i doint want that you are ending up deleting folders that you need)

    1. go to the searchbar and search for ,,Tasks". I dont know really the exact Name on english, because i live in Germany... If you search it up, there will be a clock with a quarter full with yellow color. You open that and you look if on the List is a Task with a random Name or Symbols.
      (On my computer it was: fys5X1-5NFJE4-3LHUNZ) if you see a task with random letters or so, then click on the task one time, and under the list there are categories and you have to click on ,,Actions". Now there is another list under the List with the Tasks. There, it will say under Action ,,Start Program" or something similar and under Details there is a path for an .exe file.
      (on my PC it was "C:\Users(USERNAME)\AppData\Roaming\Inhibit\5NFJE4.exe", another time random letters for the .exe file. Remember the path or copy it anywhere!!!!!)
      If all that is similar to your problem, then now, right-click the task (in the UPPER list) with the long random name (me: fys5X1-5NFJE4-3LHUNZ) and click on delete.
    2. now if it said ,,AppData" on your path too, then go on to your keyboard and hit the Windows Key + R and write in the window that popped up ,,%appdata%. A Folder will open up. Now you search for the Folder next to ,,Roaming" in the Path. (in my case: ,,Inhibit"). open the folder and look if there is the .exe file with the random letters (in my case ,,5NFJE4.exe"). If yes, then delete the WHOLE folder (In my case the whole Inhibit Folder) not the Roaming or AppData Folder please.. the folder where the .exe is in. Then go to the Trash and permanently delete it.

    Now if you make a scan with Windows again, nothing will show up (hopefully)
    I hope it helped :D! Just ask if you need something!

    Was this answer helpful?

    2 people found this answer helpful.
  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  3. AI answer

    2025-12-26T09:20:25.8933333+00:00

    To remove the Trojan:PowerShell/Boxter.HGS!MTB, you can use the following steps:

    1. Use Microsoft Defender: Since the Trojan is being detected by Microsoft Defender, you can try using the built-in tools to remove it. You can run a full scan with Microsoft Defender to ensure it detects and removes the threat.
    2. Use PowerShell Command: You can utilize the Remove-MpThreat cmdlet in PowerShell to remove active threats detected by Windows Defender. Here’s how to do it:
      • Open PowerShell as an administrator.
      • Run the command: Remove-MpThreat This command will remove all active threats that Windows Defender has detected on your computer.
    3. Check for Other Malware: Since Malwarebytes did not flag it, ensure that your Malwarebytes is updated to the latest version and run another scan. Sometimes, updating the software can help it detect newer threats.
    4. Manual Removal: If the above steps do not work, you may need to manually delete any suspicious files or restore your system to a previous state before the infection occurred.
    5. Seek Professional Help: If the Trojan persists, consider seeking help from a professional who specializes in malware removal.

    Make sure to back up your important data before proceeding with any removal steps to avoid data loss.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.