- Mar 2, 2018
I have no idea where it came from or why, but PowerShell started popping up during every boot. Though I didn't initially find anything wrong, it was more than a little annoying.
I spent quite a while hunting this down, and eventually learned it was a trojan which seemed to have two effects on my computer:
1, it SERIOUSLY bogged it down and caused multiple crashes.
2, it transmitted EVERY password used on my browsers, which resulted in the very tedious job of changing ALL my passwords ...
With this in mind, I believe it's fair to share what I found, in case one of you guys gets caught out by this nasty little bug and needs to identify/confirm whether you have it.
1... Check your user folder (c:\user\[username]). If it has a folder named ".steam" (with the period mark at the beginning) and it contains "steam_[string of numbers].csproj", you have your first potential confirmation.
2... Check your c:\user\[user]\appdata\roaming folder for "ProfessionalSingleLanguage.dat". If present, you have your second confirmation.
3... Use Malwarebytes Anti-Malware to do a deep scan. It'll find those, several registry strings and such, naming it as "trojan.powershell.e.generic" or something similar, whereas the Microsoft community site has it listed as "
If you get positives, I suggest deleting the .steam folder and "ProfessionalSingleLanguage.dat", then letting Malwarebytes quarantine the rest.
Good luck and I hope you DON'T have the virus!
Also, the following page is a fair reference to what I learned online.
{edit}
The aforementioned virus effectively neuters most AV software by creating some really annoying exclusions, so, once you have removed the virus, check your primary antivirus software and disable/remove any/all exclusions created by the virus. That way, your AV system should be back up and running again.
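
The file checks from steps 1 and 2 and the exclusion review from the edit, as a read-only PowerShell sketch (an added example, not part of the original post). The function names are hypothetical, the profile and roaming folders are taken from `$env:USERPROFILE` and `$env:APPDATA`, and the exclusion listing assumes Microsoft Defender is the antivirus in use.

```powershell
# Added example: reports only, deletes and changes nothing.
function Test-PostIndicators {
    param(
        [string]$ProfileDir = $env:USERPROFILE,   # the poster's "user folder"
        [string]$RoamingDir = $env:APPDATA        # ...\AppData\Roaming
    )
    # Step 1: a ".steam" folder holding "steam_<digits>.csproj"
    $steamDir = Join-Path $ProfileDir '.steam'
    if (Test-Path -LiteralPath $steamDir -PathType Container) {
        Get-ChildItem -LiteralPath $steamDir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match '^steam_\d+\.csproj$' } |
            ForEach-Object {
                [pscustomobject]@{ Indicator = 'steam_*.csproj'; Path = $_.FullName; Modified = $_.LastWriteTime }
            }
    }
    # Step 2: "ProfessionalSingleLanguage.dat" in the roaming folder
    $dat = Join-Path $RoamingDir 'ProfessionalSingleLanguage.dat'
    if (Test-Path -LiteralPath $dat -PathType Leaf) {
        $item = Get-Item -LiteralPath $dat -Force
        [pscustomobject]@{ Indicator = 'ProfessionalSingleLanguage.dat'; Path = $item.FullName; Modified = $item.LastWriteTime }
    }
}

function Get-DefenderExclusions {
    # Assumption: Microsoft Defender. Other AV products keep exclusions in their own UI.
    if (-not (Get-Command Get-MpPreference -ErrorAction SilentlyContinue)) { return }
    $pref = Get-MpPreference
    foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
        foreach ($value in @($pref.$kind)) {
            # Without elevation Defender may return a "must be an administrator" notice here
            if ($value) { [pscustomobject]@{ Kind = $kind; Value = $value } }
        }
    }
}

$hits = @(Test-PostIndicators)
if ($hits.Count -gt 0) {
    Write-Host "File indicators from the post found: $($hits.Count)"
    $hits | Format-Table -AutoSize
} else {
    Write-Host 'Neither file indicator from the post is present for this user.'
}

Write-Host 'Defender exclusions to review (remove any you did not create):'
Get-DefenderExclusions | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the exclusion list is readable, and once per user account, since both file locations are per-user.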