Question Popups about holographic drivers continually appearing ?

[Crunchyknees]

HI

Im using Windows 11 Pro and I continually get popups about holographic drivers. I have used numerous programs to clean things up . I have used Eset, Malwarebytes , Superantispyware without success. Here are the bad files. Every time i run those programs these 6 files are put into quarantine. The second I delete them from quarantine they start popping up again. Any ideas how i can fix this issue ?

4/18/2025 22:39:23 PM
Scanned files: 333434
Detected files: 6
Cleaned files: 6
Total scan time 00:17:03
Scan status: Finished
C:\ProgramData\Music\Hxmp3\sampling.ps1 PowerShell/Obfuscated.AD suspicious application cleaned by deleting

C:\ProgramData\Music\xmp3\sampling.ps1 PowerShell/Obfuscated.AD suspicious application cleaned by deleting

C:\ProgramData\WindowsHalographicDevices\SpatialStore\WiNMSIPC\StorageHealthModelDx.ps1 PowerShell/Obfuscated.AD suspicious application cleaned by deleting

C:\ProgramData\WindowsHalographicDevices\SpatialStore\WiNWSIPC\StorageHealthModelDx.ps1 PowerShell/Obfuscated.AD suspicious application cleaned by deleting

C:\ProgramData\WindowsHolographicDesigns\SpatialStore\IccidToRegion.ps1 PowerShell/Obfuscated.Z suspicious application cleaned by deleting

C:\ProgramData\WindowsHolographicDrivers\SpatialStore\TensorRollback.ps1 PowerShell/Obfuscated.Z suspicious application cleaned by deleting

 

[Ralston18]

Is Powershell being launched either at startup or at some other time later after boot up?

What caught my attention was "Powershell" and an apparent script named sampling.ps1.

And there are other .ps1 files listed.

Have you knowingly used Powershell and any such scripts?

Look in Task Manager > Start up and Task Scheduler for any unexpected or unknown applications that may be launching and reinstalling the files.

May not be obvious if there is malware involved.

When did the problems begin? Look in Reliability History/Monitor - the time line format may provide some clue.

 

[Crunchyknees]

HI Ralston18

I looked into these programs further. I opened the task manager like u suggested and sure enough the program that keeps installing these files is called screenconnect.clientservices, I also checked the history and sure enough it was installed on february 23. I searched for this file/program on the internet. Its supposedly used for remote support access for IT professionals. I haven't had any computer problems and i haven't requested tech help from any sites.

The only thing i can think of is that I turned 65 and applied for medicare, I called a couple times for info. Maybe the gubment [government ?] installed that without asking. I haven't used powershell and those are the only files that bring PowerShell. I tried to delete the files in task manager but they started popping up again shortly after. Just last week someone got into my uber account and charged a couple of rides to my credit card.

I've got to get a handle on this, do you have any other ideas?

 

[Ralston18]

Other ideas - yes.

I would not be surprised that when you were working on applying for Medicare that you got caught up in some fake, government "look alike" website. Likely the website may have tricked you into some download process.

Are you able to find and uninstall "screenconnect.clientservices"?

Take a look in Process Explorer (Microsoft, free) to look for any thing suspicous that is running.

https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

You may be able to stop something but you must also be careful not to stop something critical to your system.

Malware often spoofs legimate processes and it is easy to get mixed up.

= = = =

Consider that you/your system has been hacked and your personal identity stolen. Contact all banks, credit cards, financial resources etc. accordingly. Change all passwords.

Run Windows Defender/Security and Malwarebytes (free) to determine if they can find and remove any malware on your system.

If not, then you will probably need to do a clean reinstall of everything on your system. Likely that that should be done anyway.....

Is all important data backed up? Hopefully at least 2 x to locations other that the PC in question. You will need to scan that data as well.

There may be other ideas and suggestions posted.

 

[Crunchyknees]

HI Ralston

I went to the Microsoft help site. One of the Moderators there suggested i download and run a program called autoruns.exe. It basically does what u told me to do in a all in run package. My computer is back to normal. Thanks for your help!