Power cell virus?

george jones 20 Reputation points
2026-03-29T20:43:05.4233333+00:00

This showed up on my computer this morning

\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

I have done the quick scans and it has not resulted in showing this

The bigger scans have almost always shown it

The scans that restart the computer show it

No matter how fast I am in pressing remove it will not remove

I have no idea what to do. I need help, as on the same day two accounts on said computer have been hacked (Discord, Roblox). I'm on Windows 11.

Thanks

Windows for home | Windows 11 | Security and privacy

Answer accepted by question author
  1. John DeV 161.1K Reputation points Independent Advisor
    2026-03-29T21:19:09.5733333+00:00

    Hi, good day!

    When was the last time it worked properly?


    Please try to scan your computer for any virus or malware.

    Please try to scan your system using Microsoft Safety Scanner or the free edition of Malwarebytes.

    https://www.malwarebytes.com/mwb-download/

    Microsoft Safety Scanner

    https://learn.microsoft.com/en-us/defender-endpoint/safety-scanner-download?view=o365-worldwide

    After that, please try to perform a Clean Boot of Windows

    Determine whether a background program or a software conflict is causing the issue.

    Press Windows key+R to open Run then type: msconfig

    Press Enter

    Select System Configuration > go to the Services tab.

    (Important) Select and make sure to put a check mark on "Hide all Microsoft services"

    Click Disable all.

    Go to Startup tab > Open Task Manager > Disable all the unnecessary services running there. Restart your computer.

    Please check the support article at the link below for more details.

    https://support.microsoft.com/en-us/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd#ID0EBBD=Windows_11&id0ebbd=windows_10

    I look forward to receiving your update and I'm willing to collaborate with you till we resolve the issue. Do keep me informed by clicking "Add comment" below.


    Standard Disclaimer: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.

    1 person found this answer helpful.

2 additional answers

  1. _AW_ 67,031 Reputation points Volunteer Moderator
    2026-03-29T22:20:32.5533333+00:00

    Please provide Farbar Recovery Scan Tool (FRST) logs for analysis.

    https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    Note: If you are using Edge or Chrome, SmartScreen may initially block the download. Click on the three dots next to the warning and select Keep => Click the Delete drop arrow => Keep anyway.

    • If your computer's language is not English, rename FRST64.exe to FRST64English.exe
    • Run the tool, leave the default settings, and press Scan.
    • Zip the logs, FRST.txt and Addition.txt, then upload to a cloud storage service like OneDrive, Google Drive or gofile.io
    • Post the share link.

    https://support.microsoft.com/en-us/office/share-onedrive-files-and-folders-9fcc2f7d-de0c-4cec-93b0-a82024800c07


  2. Q&A Assist
    2026-03-29T20:43:33.86+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The path shown is the normal location of Windows PowerShell, but because scans that restart the PC keep detecting something and cannot remove it, this should be treated as a likely persistent malware issue rather than just a false alarm.

    Follow these steps in order:

    1. Run Microsoft Defender Offline scan
      1. Select Start > Settings > Update & Security > Windows Security > Virus & threat protection.
      2. Under Current threats, select Scan options.
      3. Select Microsoft Defender Antivirus (offline scan) or Windows Defender Offline scan and then select Scan now.
      4. The PC will restart and run a scan before Windows loads, which helps remove malware that keeps reinstalling itself.
    2. Check Protection history and complete any required actions
      1. After the offline scan and restart, open Windows Security.
      2. Go to Virus & threat protection > Protection history.
      3. Look for entries such as Threat quarantined, Threat blocked, or Remediation incomplete.
      4. For Threat quarantined, choose Remove to fully delete it.
      5. If any item shows Remediation incomplete, select it and follow the additional steps indicated there.
    3. If malware keeps coming back
      If the same threat is repeatedly detected after restarts, it is likely that an undetected component is reinstalling it.
      • Repeat the Microsoft Defender Offline scan as above.
      • Avoid visiting sites or opening downloads that might be reintroducing the malware (for example, illegal download sites or untrusted mirrors).
    4. If system changes seem irreversible
      If accounts are being compromised and malware cannot be removed, consider:
      1. Backing up important files to an external location or cloud storage that was not connected during the infection.
      2. Using Windows recovery options to reset, restore, or reinstall Windows 11.
        • This can remove deeply embedded malware but may require reinstalling apps and restoring data from clean backups.
      3. After recovery, immediately run Windows Update and update all software so known security vulnerabilities are patched.
    5. General protection steps
      • Ensure only one antivirus solution is installed and active to avoid instability.
      • Confirm Tamper Protection is turned on so malware cannot easily disable Microsoft Defender Antivirus.
      • Review how the Discord and Roblox accounts were accessed (reused passwords, phishing links, etc.) and change passwords from a known-clean device, enabling multi-factor authentication where available.

    If, after an offline scan and (if needed) a Windows reset/reinstall, the same detection still appears and remediation remains incomplete, professional in-person support is recommended to avoid further account compromise.


    0 comments No comments
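
Added example, not part of any answer in this thread: a read-only PowerShell triage for the situation described above, where Defender keeps naming the normal `powershell.exe` path and the detection returns after restarts. It assumes an elevated Windows PowerShell session on the affected Windows 11 PC with the built-in Defender and ScheduledTasks modules; the variable names and the match pattern are illustrative choices.

```powershell
# Added triage example: read-only, changes nothing on the system.
# Assumes an elevated Windows PowerShell session on Windows 11 with the
# built-in Defender and ScheduledTasks modules.

# 1. Confirm the flagged binary is the genuine, signed PowerShell.
$ps  = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
$sig = Get-AuthenticodeSignature -FilePath $ps
[pscustomobject]@{
    Path   = $ps
    Status = $sig.Status                     # 'Valid' is expected
    Signer = $sig.SignerCertificate.Subject  # expected to name Microsoft
} | Format-List

# 2. Show what Defender recorded. 'Resources' lists every item tied to a
#    detection (files, command lines, tasks), not only the host process.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess,
        @{ n = 'Resources'; e = { $_.Resources -join "`n" } } |
    Format-List

# 3. List autostart entries that launch PowerShell. Each hit is a lead to
#    review, not proof of malware: legitimate software uses these too.
$pattern = 'powershell|pwsh'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$fromRegistry = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($p in $item.PSObject.Properties) {
        if ($p.Name -notin $psMeta -and "$($p.Value)" -match $pattern) {
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}
$fromTasks = foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"   # empty for non-exec actions
        if ($cmd -match $pattern) {
            [pscustomobject]@{ Source  = 'ScheduledTask'
                               Name    = $task.TaskPath + $task.TaskName
                               Command = $cmd }
        }
    }
}
@($fromRegistry) + @($fromTasks) | Format-List
```

If step 1 reports a valid Microsoft signature, the detection concerns what PowerShell was asked to run rather than the binary itself, and the `Resources` and `Command` values are the details worth sharing with a helper alongside the FRST logs.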
