Windows 10 2004 powershell malware etc

[Hertzian56]

I'm on 2004 home edition this came with and after installing realtek drivers and some chipset drivers looks like they enabled defender, what a pain. So had the rigamarole of going to sordum, getting latest defcon version because the version I had no longer works or defender was flagging it and would continue to delete it after I allowed it, loop. So reading sordum info had to add the new folder to exceptions then I could run defcon and disable defender finally. I noticed that my Winaero tweaker was not able to disable defender either even after a restart, guess I'll have to update that as well. At least updates are still disabled.

=========================

 

I've had some weird happenings lately(Powershell RAM hog and sudden multiple hidden windows, freeze computer 10gb ram etc) and that usually means some infection so I went to bleepingcomputer and got the latest tdskiller etc and it found a couple of virus' so deleted them and restarted must have had something to do with it.

So after installing realtek audio drivers and the chipset stuff, from here: https://www.station-drivers.com/index.php?lang=en which I got from a toms hardware article so I suppose it's legit, I got multiple powershell windows running in the background and taking up 4gb ram. Not sure what happened. I then went to an intel page with win10 realtek drivers and tried to install it but after the restart and etc it said something and quite, like couldn't install etc and I noticed in device manager it doesn't say realtek but hd audio device with a MS driver from 2020, like original from when this was made. I have not had the powershell running in the background so far so I guess it was the realtek stuff.

========================

 

So got malwarebytes trial from bleepingcomputer and did a scan, since 20+ powershell windows in the background suddenly came back and spiked memory usage, froze computer for a while. Wow I guess I had a lot of malware on here in the registry so quarantined and deleted them see if it works.
 

[Hertzian56]

After researching this it seems to be tied to some browser assistant thing. I noticed that when I startup opera, the powershell spike happens after a few minutes. Malwarebytes has about 5 powershell trojans listed. Must have been at a site that injected this somehow to track usage in Opera specifically or the trigger was opening opera. Opera is not really that great just fast and works with difficult sites that really need all the bells and whistles to work right AND it's relatively lightweight compared to firefox/waterfox. I like the built in vpn as well, it's only for what you are looking at in the browser itself though.

https://forums.tomshardware.com/threads/d-b-scheduler-being-intrusive.3755832/

https://www.malwarebytes.com/blog/detections/trojan-browserassistant-ps

 

 

[Hertzian56]

yeah it was that or some other powershell trojan picked up somewhere, uninstalled malwarebytes free trial just do it again if I notice anymore problems, tdsskiller didn't pick anything up either, nor roguekill. I think this is also the cause of rdr2 out of virtual memory error I got the other day, only time I ever got it and I noticed the blue powershell window sometimes peeking through while playing, it was a memory hog and my system couldn't handle it while rdr2 was going at the same time. Sticking with just windows hd audio driver as well since it's worked during regular usage, although it's just some generic realtek driver anyways it probably doesn't have the overhead of full realtek drivers.