I've been getting weekly warnings from BitDefender on my Windows 11 computer about malware attempting to execute a malicious command via PowerShell. The error message indicates that it tried to search for crypto wallets like Trezor and Ledger Live, collect user details, and send that information to a Telegram bot. I can't pin this down to any specific website or app, and my other devices are unaffected. Can anyone help me understand what's going on and what steps I should take?
3 Answers
It could be a hidden malware script running on your machine that triggers when a specific process starts. Since you mentioned BitDefender has blocked it, it's a good sign, but if you're looking to remove it completely, you might want to consider a malware removal tool that can identify and clean up hidden threats.
First, you should always verify your backups before making any changes to your system. This might not be related to any major infections, so stay calm. I recommend running a full scan with BitDefender and also checking for any suspicious programs in your startup and installed apps. Additionally, keep an eye on your firewall settings.
It sounds like you might have some unwanted software trying to access your system. The command that's being blocked seems to aim for your credentials and may indicate remote access attempts. Check your firewall settings to ensure that Remote Desktop or any remote access programs like TeamViewer aren't enabled. Also, have you done a full system scan with BitDefender yet?
I agree with you that remote access might not be the case here. More likely, it could be malware attempting to access your crypto details.
Based on what makes you think it's remote access? That seems a bit extreme.