WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2026 Poal.co

192

I've disabled powershell in policy maker; it's not showing up in autoruns. I also can't enter text into powershell either. i've run dism, scannow and chkdsk.

I've disabled powershell in policy maker; it's not showing up in autoruns. I also can't enter text into powershell either. i've run dism, scannow and chkdsk.

(post is archived)

You are currently inside a comment thread.
Click here to see all the comments (3).
[–] 2 pts

It sounds like malware that plans to send keystrokes to PS to unlock some things. A lot of malware doesn't show up in most security tools now so don't think you're clean just because you get no hits when you scan your machine. Also, check for hardware USB devices/dongles attached that might be sending keystrokes. Either way this is not looking good for the health of your machine.

[–] 1 pt

You are 100% correct sir. I ran malwarebytes and it showed nineteen "backdoors" and trojan this and that, both files and registry entries.

MB only quarantines, so I manually cleaned each file and registry entry, ran another scan, deleted all old restore points and it appears to be clean today. The files were all "win update" .vbs files, including logon. It got really granular into the registry- good learning experience at least.

Anything else I should look for? Any scanner or tools I can use for a more precise check?

[–] 1 pt

Yeah, this sounds very possible.

That or some piece of software has a really fucky update process and its failing.