Question Powershell virus ?

Toggle sidebar Toggle sidebar
D

Digital~Dreams

Prominent
Jun 24, 2022
52
6
535
A new one appearing once or twice daily, denying causes no obvious issue... "Windows powershell is trying to communicate with ceseurope.com"

Where has this come from and why ?

[mod edit: made link safer]
 
Last edited by a moderator:
Sort by date Sort by votes
Colif

Colif

Win 11 Master
Moderator
Jun 12, 2015
65,260
6,464
168,090
did you try bitdefender?
or https://www.hitmanpro.com/en-us

i doubt this will work but
Try a clean boot and see if it changes anything - make sure to read instructions and make sure NOT to disable any microsoft services or windows won't load right - https://support.microsoft.com/en-au/help/929135/how-to-perform-a-clean-boot-in-windows

it doesn't delete anything, it just stops non microsoft programs loading at startup. Easy to reverse

if clean boot fixes it, it shows its likely a startup program. You should, over a number of startups. restart the programs you stopped to isolate the one that is to blame.

its likely that won't fix it but worth a try.

just check windows I guess:

right click start button

choose powershell (admin)

copy/paste this command into window:

Repair-WindowsImage -Online -RestoreHealth

and press enter

Then type SFC /scannow

and press enter

Restart PC if SFC fixes any files as some fixes require a restart to be implemented

First command repairs the files SFC uses to clean files, and SFC fixes system files

SFC = System File Checker. First command runs DISM - https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/what-is-dism?view=windows-11
 
Upvote 0 Downvote
D

Digital~Dreams

Prominent
Jun 24, 2022
52
6
535
Colif said:
did you try bitdefender?
or https://www.hitmanpro.com/en-us

i doubt this will work but
Try a clean boot and see if it changes anything - make sure to read instructions and make sure NOT to disable any microsoft services or windows won't load right - https://support.microsoft.com/en-au/help/929135/how-to-perform-a-clean-boot-in-windows

it doesn't delete anything, it just stops non microsoft programs loading at startup. Easy to reverse

if clean boot fixes it, it shows its likely a startup program. You should, over a number of startups. restart the programs you stopped to isolate the one that is to blame.

its likely that won't fix it but worth a try.
Click to expand...

Not impressed with hitman, found lots of false positives and refused to delete anyway as needed to be registered (even though I followed the procedure for free). Thank god it didn't auto delete or would have bust a few of my programs (such as one downloaded direct from Nvidia development).

Clean boot might not be feasable as the message appears randomly around twice a day if pc on most of the time...

ceseurope.com seems to be a printer cartridge recycling company ?. Might just block the comms next time it pops up and hope other powershell functions arent affected in the future.
 
Upvote 0 Downvote
Colif

Colif

Win 11 Master
Moderator
Jun 12, 2015
65,260
6,464
168,090
That isn't the original link you got. I edited it as if people searched it, they would have been offered a file.
actual link was cesar europe without the space.

maybe blacklist the site in defender if it lets you

look in scheduled tasks and see if anything set in there.
 
Upvote 0 Downvote
D

Digital~Dreams

Prominent
Jun 24, 2022
52
6
535
Strange, yes tried via android and downloads 'download.bin' without displaying any website. YET eset smart security (that alerts me) gives it a green tick and says 'discovered 1 year ago' ?
 
Upvote 0 Downvote
Ralston18

Ralston18

Titan
Moderator
Oct 11, 2014
34,884
3,323
146,290
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom