
Strange powershell usage in task manager, is it malware and how do I get rid of it?!

Anonymous
2024-11-18T23:02:37+00:00

Recently I've been downloading a lot of sketchy things on my laptop and I've noticed powershell.exe starting to pop up in Task Manager a lot. Is it a virus? And how do I go about cleaning my laptop without wiping the whole disk?

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


Answer accepted by question author

  1. Anonymous
    2024-11-19T15:54:55+00:00

    Thank you for your detailed response.

    I think we should be in a more stable situation now.

    Assuming we run into a similar situation in the future, I would recommend disconnecting from the network immediately, as some viruses are unable to spread further, infect more files, or even infect other devices over the network once they are off the network.

    I have some follow-up suggestions that may help you ensure the long-term security of your system during daily use.

    1. Run a Malwarebytes scan on a regular basis and keep an eye on the “Startup” tab of Task Manager for any new suspicious programs that are added.
    2. Continue to keep an eye on Task Scheduler for any unknown tasks, especially those outside the “Microsoft” or “Windows” folders; if you find any abnormality, you can disable the task and observe whether the system is normal.
    3. If PowerShell.exe starts abnormally again or the malware reappears, it may indicate that there is still a hidden source of infection in the system.

    However, I think we should have eliminated this risk for now as far as the current situation is concerned.

    Assuming anything else strange shows up subsequently though, let me know, I'm always here.

    It is an honor to be of assistance to you and I hope that my efforts will be helpful to you.

    If you find my support helpful in some way, I kindly ask that you log into the account where you posted the topic and select “Yes” under the post offering a solution or “Mark as answer” my reply via “Advanced Tools”.

    This small gesture will not only provide better access to information for other users, but will also allow us to work together to build a more friendly and supportive community.

    Thank you for your understanding and cooperation! I look forward to your feedback.


3 additional answers

  1. Anonymous
    2024-11-19T09:42:02+00:00

    I've restarted the PC, uninstalled the IDM program which was causing the problems, ran the antivirus with no internet and checked tasks. Malwarebytes hasn't detected anything, and powershell.exe is gone from Task Manager. I would say that the malware wouldn't have reappeared this fast anyway, but it looks like the PC's clean for now.

    If I see anything reappearing, like the detections or the suspicious task, I'll notify you, but for now it looks like it's gone.
    Thank you for your help, Arthur.

  2. Anonymous
    2024-11-19T09:22:32+00:00

    Thank you for the reply, Arthur.
    I did the scanning with Malwarebytes and removed all the malware detections, but they keep reappearing. I'll attach a screenshot of the detections just in case.

    (screenshot attached)

    In the Task Manager startups, there seems to be nothing that's suspicious, but the program I'm worried about is "Internet Download Manager" that could have the malware, which I may or may not have downloaded from a third-party website.

    (screenshot attached)

    I haven't uninstalled the program, since I doubt it'll remove the malware with it, but come to think of it, maybe the malware won't keep reappearing if I get rid of the app. I will try that and get back to you.

    About the Task Scheduler, all the active tasks I saw were in the "\Microsoft\Windows" location and the only different one was in "\GoogleSystem\GoogleUpdater". The malware still could be any one of them, but I couldn't work out how to tell them apart from legitimate tasks.

    Reading your reply once more, I've come to notice that I hadn't turned off the internet connection while scanning with Malwarebytes, so I'll try that again but without the connection.

    Thank you for your time.

  3. Anonymous
    2024-11-19T08:47:00+00:00

    Hi Alex Beridze,

    Welcome to Microsoft Community.

    Based on your description, I understand that you have strange PowerShell related tasks in your task manager, and I understand very well how you feel!

    From your screenshot, it appears to me that some application is calling PowerShell and creating self-signed certificates, and this behavior could indeed be a sign of malware or unwanted software.

    I will give you some options to hopefully resolve your issue successfully! However, this first reply may not be able to solve your problem due to limited information and the fact that this issue requires troubleshooting from different angles, so please understand and provide more information (pictures would be great!) in your reply. Thank you very much!

    Please note: Please disconnect from the Internet immediately to prevent what could really be a virus or malware from calling out automatically. Disconnecting from the network allows us to prevent potential viruses or malware from communicating with external servers.

    Option 1: We try to do a full scan of your computer using Windows Defender or reliable third-party anti-virus software to see if there is any possibility of identifying malware or viruses.

    Option 2: We try to screen for any unfamiliar or suspicious applications in the Task Manager.

    “Ctrl + Shift + Esc” to open Task Manager -> select ‘Startup’ tab -> disable any unfamiliar or suspicious applications

    Option 3: Let's try to open “Task Scheduler” to see if there are any suspicious tasks that automatically run PowerShell scripts.

    If you find a task, we can check the name of the application that called it and disable or remove it.

    Option 4: Please try to clean boot your computer.

    Since clean boot uses only a limited set of files and drivers, it can help us to effectively troubleshoot the possibility of problems caused by third-party applications, drivers, and so on.

    You can refer to Clean Boot for more information: How to perform a clean boot in Windows - Microsoft Support

    After the clean boot, please scroll down the webpage after opening the link and find “How to determine what is causing the problem after you do a clean boot”. This is a bisection method that can help us pinpoint the service that is causing the problem and disable it!

    Disclaimer: A “clean boot” starts Windows with a minimal set of drivers and startup programs. It helps to determine whether a background service is interfering with your game or program and to isolate the cause of a problem. These "clean boot" steps might look complicated at first glance. However, to avoid any trouble for you, please follow them in order and step-by-step so that it will help you get back on track.

    Option 5: If you have made a restore point before, we can try to restore the system to before the problem occurred.

    For restoring the system from a restore point, you can refer to: Use System Restore - Microsoft Support

    Please note: restoring the system from a restore point will not delete your personal files and data, but it will delete third-party applications, drivers and Windows Updates installed after the restore point was created.

    I sincerely hope that the above solutions will solve your problem. Please feel free to contact me if you have any problems or still can't solve it. (Photos related to the question would be great!)

    I look forward to hearing back from you.

    Best Regards

    Arthur Sheng | Microsoft Community Support Specialist

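The manual checks in this answer (Task Scheduler tasks that launch PowerShell, the running powershell.exe instances and who started them, and the self-signed certificates the screenshot suggested) can be gathered in one pass so they can be reviewed side by side before anything is disabled. The script below is an added example written for this edit; it is not code from the thread or from Microsoft, and the function names are my own. It assumes Windows 10 with the built-in ScheduledTasks, CimCmdlets and PKI modules and an elevated PowerShell session; it only reads and reports, it does not disable or delete anything.

```powershell
# Added triage example (not from the original thread). Read-only: reports, does not remediate.

# 1. Scheduled tasks whose action runs powershell.exe/pwsh.exe, ignoring the built-in
#    \Microsoft\Windows\ tree that the asker already found to be the bulk of the tasks.
function Get-PowerShellTask {
    Get-ScheduledTask | Where-Object {
        $_.TaskPath -notlike '\Microsoft\Windows\*' -and
        ($_.Actions | Where-Object { $_.Execute -match 'powershell|pwsh' })
    } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                State     = $task.State
                Execute   = $action.Execute
                Arguments = $action.Arguments   # look for -EncodedCommand / -WindowStyle Hidden here
            }
        }
    }
}

# 2. Live powershell.exe processes with their full command line and parent process,
#    so "who launched this?" can be answered (the parent is usually the installer or
#    updater component responsible, e.g. the download manager in this thread).
function Get-PowerShellProcess {
    $procs = Get-CimInstance Win32_Process
    $byId = @{}
    foreach ($p in $procs) { $byId[$p.ProcessId] = $p }

    $procs | Where-Object { $_.Name -match '^(powershell|pwsh)\.exe$' } | ForEach-Object {
        $parent = $byId[$_.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '(parent exited)' }
        $parentPath = if ($parent) { $parent.ExecutablePath } else { $null }
        # Encoded or hidden invocations are a common sign of unwanted software, though
        # some legitimate installers use them too; treat as "review", not "verdict".
        $suspicious = ($_.CommandLine -match '-(e|ec|enc|encodedcommand)\s') -or
                      ($_.CommandLine -match '-w(indowstyle)?\s+hidden')
        [pscustomobject]@{
            Pid         = $_.ProcessId
            Parent      = $parentName
            ParentPath  = $parentPath
            CommandLine = $_.CommandLine
            Review      = $suspicious
        }
    }
}

# 3. Certificates recently added to the user and machine personal stores. A self-signed
#    certificate created by a script, as in the asker's screenshot, will show up here with
#    Issuer equal to Subject and a very recent NotBefore date.
function Get-RecentCertificate {
    param([int]$Days = 30)   # assumed lookback window, adjust as needed
    $since = (Get-Date).AddDays(-$Days)
    Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object { $_.NotBefore -gt $since } |
        Select-Object PSParentPath, Subject, Issuer, NotBefore, Thumbprint,
                      @{ Name = 'SelfSigned'; Expression = { $_.Subject -eq $_.Issuer } }
}

# Usage: run each report and read them together before disabling anything.
Get-PowerShellTask      | Format-Table -AutoSize
Get-PowerShellProcess   | Format-List
Get-RecentCertificate   | Format-Table -AutoSize
```

Run it while disconnected from the network, as the answer recommends, and save the output (for example with `Out-File`) so there is a record of the task path, the parent executable and the certificate thumbprint to compare against after the suspected application is uninstalled; if the same task or certificate reappears, that points to a persistence mechanism that the uninstall did not remove.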