Powershell malware & browser assistant "updater.exe" from "Realistic Media Inc."

Posted 3/11/2021 11:43 PM
#130463

RobDoyle Member

Date Joined Mar 2021
Total Posts: 1
16:36 yesterday I think my son installed a trojan which uses PowerShell called "updater.exe" from "Realistic Media Inc". I need help to perform removal.



I had a strange dialog of Powershell on my screen for a second after booting and I had never seen that before. I searched internet history and could see ravenfile dot com had been visited and Bullguard had allowed numerous .exe files to be downloaded and Powershell to be modified at this time. My task manager also confirmed that Powershell was now active (whereas before it had not been).



Unfortunately Bullguard cannot detect anything wrong - even when I point it to the offending files.




I have tried to delete Windows Powershell 1.0 folder on C:\ but it won't let me even though I am admin.



I have stopped all powershell processing in task manager, I have disabled the "Windows Powershell 2.0" in the Windows Features dialog.



I have many screenshots from my investigations.



Why didn't Bullguard prevent this?



Thanks in advance for any help you can be. I think I need to do a lot more to clean my system of this issue.



Rob Doyle
Posted 3/12/2021 12:41 PM
#130465

Andreea-Luciana Ostache Advanced member

Date Joined Nov 2016
Total Posts: 861
Thank you for joining us Rob!

First, please allow me to advise that PowerShell is always there since it's part of the Windows Operating system. 

From what I can distinguish from your photos, your son tried to install Crossy Road and that is just a game. The browser assistant you mention is likely installed as part of the installation process for the free game.

I understand that it can be scary to find your computer behaving strangely, but it's best to have a professional look at your computer. Since you are a BullGuard customer, the right thing to do is contact us via our support channels, so we can troubleshoot the issues for you.
Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Post your question on these forums, contact Support or contact me on Twitter!
Posted 3/19/2021 7:57 AM
#130468

Andreea-Luciana Ostache Advanced member

Date Joined Nov 2016
Total Posts: 861
I am very glad to hear the issue is solved! Malwarebytes scans for things most security programs do not and we have always recommended their product. If you decide to buy the product, please make sure to add the Malwarebytes program in the exceptions of BullGuard and vice-versa, so that your computer does not become slow. Real time protection engines conflict with each other if not properly excluded. Again, here a BullGuard agent can help.
Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com