Multiple PowerShell instances either consuming CPU or RAM and Trojan:BAT/PSRunner.VS!MSR infecting PowerShell

Anonymous
2024-08-26T09:03:12+00:00

Hello, I have a problem with multiple PowerShell instances either consuming CPU or RAM. I downloaded and ran Malwarebytes but no success. I saw that to get rid of the probable infection I could use Farbar Recovery Scan Tool. I ran it and have a FRST.txt and Addition.txt. In the files I found multiple "ATTENTION" issues on the frst.txt and the Trojan:BAT/PSRunner.VS!MSR infecting PowerShell on the addition.txt. I could not find instructions detailed enough to construct a fixlist.txt.

I hope someone can help me with this.

https://drive.google.com/file/d/1egjebgkkWiKKYbKgcWMdVPZGTho93f18/view?usp=sharing, https://drive.google.com/file/d/1s4bVpk1ba7pevJm_bZfAVhxV5fQJhtOQ/view?usp=sharing

Thanks a lot in advance.

Kimon

Windows for home | Windows 11 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


Answer accepted by question author

_AW_ 67,926 Reputation points Volunteer Moderator
2024-08-26T09:42:22+00:00
  • Download **Fixlist.txt** and save to the folder that FRST64.exe is located in
  • Close any apps with unsaved work
  • Run FRST64.exe and click "Fix"
  • The computer will reboot to complete the procedure

Please upload Fixlog.txt and let me know how things are running.

1 person found this answer helpful.

3 additional answers

  1. _AW_ 67,926 Reputation points Volunteer Moderator
    2024-08-26T11:54:39+00:00

    Thanks. That all looks good in the fixlog. The main infection was a crypto stealer targeting:

    binance, coinbase, blockchain, Voyager, BlockFi, crypto, coindesk, etoro, kucoin, Citi, paxful, paypal, huobi, poloniex, bittrex, kraken, bitfinex, bitstamp

    If there's nothing further, you can delete the Farbar scanner and the C:\FRST folder.

    If you could mark the thread as answered by clicking ‘Yes’ below the post that provided the solution...that'd be much appreciated.

    Good luck :)

  2. Anonymous
    2024-08-26T11:22:39+00:00

    Thank you so much for the instant reply. No PowerShell instances are active now. Here is the Fixlog.txt

    https://drive.google.com/file/d/132dVirT0dXp3PCSMMlaKUrVoh3KxK0fE/view?usp=sharing

  3. Ramesh Srinivasan 81,800 Reputation points Independent Advisor
    2024-08-26T09:44:33+00:00

    Hi Kimon,

    Please run the fixlist below.

    • Download fixlist.txt ([https://1drv.ms/t/s!AjVYLGw0OBWU2jiKPycBsfBMEA3...](https://1drv.ms/t/s!AjVYLGw0OBWU2jiKPycBsfBMEA3F?e=LpebXZ))
    
    • Save Fixlist.txt to the folder where FRST64English.exe is located.
    
    • Close all programs.
    
    • Launch the Farbar Scanner tool and click "Fix".
    
    • Restart Windows when prompted.
    
    • Upload the output log file (FixLog.txt) to your OneDrive.
    
