Trojan.Downloader.Powershell

ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.

Short bio

Trojan.Downloader.Powershell is Malwarebytes’ generic detection name for Trojan downloaders that are or drop powershell scripts to get the payload.

Type of infection

Downloaders are often the first stage of infection from attacks from an exploit kit or a malicious email attachment. They are usually small and pre-programmed to download and start other malicious files.

Malicious behavior

Users may see suspicious Powershell activity.

Protection

Malwarebytes/ThreatDown products detect and block Trojan.Downloader.Powershell

Malwarebytes blocks Trojan.Downloader.Powershell
Malwarebytes blocks Trojan.Downloader.Powershell

Business remediation

How to remove Trojan.JSCeal with the Malwarebytes Nebula console

You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.

endpoint menu

Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.

Nebula detections

On the Quarantine page you can see which threats were quarantined and restore them if necessary.

Nebula Quarantaine

Home remediation

Malwarebytes can detect and remove Trojan.Starter.RTPScript without further user interaction.

Reboot the system if prompted to complete the removal process.

Please download Malwarebytes to your desktop.

Double-click MBSetup.exe and follow the prompts to install the program.

When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.

Click on the Get startedbutton.

Click Scan to start a Threat Scan.

Click Quarantine to remove the found threats.