I made a mistake by downloading something suspicious from a sketchy website and now I'm dealing with a Trojan called "Trojan:Win32/Vigorf.A". It's been flagged repeatedly, but despite spending hours trying to get rid of it, I'm not sure if it's a real threat or just a false positive. The detection seems linked to:
"amsi:\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Windows Defender keeps blocking it but can't seem to remove it completely. I'd appreciate any steps or advice on how to deal with this problem—I really want to learn from this mistake.
1 Answer
PowerShell is a legitimate application, but it sounds like something is trying to execute it without your permission. If you've run Windows Defender, try using another antivirus like Malwarebytes as a backup just to be safe. It might be that the actual threat is gone, but something is still attempting to start PowerShell. You can use Microsoft’s Autoruns tool to find and disable or remove the problematic startup entry.

Thanks for the suggestion! I did get Malwarebytes, and it removed one file, but nothing else was detected after that. I’ll give Autoruns a shot when I get a chance. Appreciate your help!
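
The Autoruns check suggested in the answer can also be approximated from a PowerShell prompt. The script below is an added example, not part of the original thread: it only reads, and lists entries in the common autostart locations (Run/RunOnce keys, scheduled tasks, Startup folders, WMI event consumers) whose command references PowerShell. The match pattern and the `Add-Finding` helper are assumptions made for illustration, and a hit is a lead to review rather than proof of malware, since legitimate software also schedules PowerShell.

```powershell
# Added example (read-only): list autostart entries whose command references PowerShell.
# Run from an elevated prompt so machine-wide keys, tasks and WMI are visible.
$pattern  = 'powershell|pwsh|\.ps1'   # assumption: what counts as "starts PowerShell"
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Source, $Location, $Name, $Command) {   # hypothetical helper
    if ("$Command" -match $pattern) {
        $findings.Add([pscustomobject]@{
            Source = $Source; Location = $Location; Name = $Name; Command = "$Command".Trim() })
    }
}

# 1. Run / RunOnce registry values (machine, user, and the 32-bit view)
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in 'Software', 'Software\WOW6432Node') {
        foreach ($leaf in 'Run', 'RunOnce') {
            "$hive\$sub\Microsoft\Windows\CurrentVersion\$leaf"
        }
    }
}
foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        Add-Finding 'Registry' $key $name $k.GetValue($name)
    }
}

# 2. Scheduled tasks: check each action's program and arguments
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        Add-Finding 'ScheduledTask' $task.TaskPath $task.TaskName "$($action.Execute) $($action.Arguments)"
    }
}

# 3. Startup folders: resolve shortcuts to their real target and arguments
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    foreach ($file in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
        $cmd = $file.FullName
        if ($file.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($file.FullName)
            $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
        }
        Add-Finding 'StartupFolder' $dir $file.Name $cmd
    }
}

# 4. WMI command-line event consumers (also reported by Autoruns)
Get-CimInstance -Namespace root\subscription -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'WMI' 'root\subscription' $_.Name $_.CommandLineTemplate }

$findings | Sort-Object Source, Location | Format-List
```

An entry whose `Command` carries a long encoded argument or points into a user-writable folder such as `AppData` or `Temp` is the kind worth examining first in Autoruns.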