Possible Powershell virus

Issue abstract: Norton 360 reports IDP.HELU.PSE45%s_cmd found

Detailed description:
Every time I use a terminal in Visual Studio Code, Norton finds a threat in Powershell, as shown in the attached image.

Running a full scan shows no malware after this. Then when I start VS Code, it brings it up again.

Also running Roguekiller Premium which doesn’t find anything and RKill doesn’t either.

==========================================

Product & version number: Norton 360, 24.11.9615

OS details: Windows 10 Pro 22H2, build 19045.5131

What is the error message you are seeing?

Threat name: IDP.HELU.PSE45%s_cmd
Threat type: Miscellaneous - This is malicious software that could harm your data, computer, or network.
Status: Threat detected
Detected by: Behavioral Protection
On PC from: 31/10/2024, 11:22
Last Used: 19/11/2024, 10:17
Startup Item: Yes

If you have any supporting screenshots, please add them:

Hello @HarryAdney
See details ?

When I read Visual Studio, I think about here

and I think v22 Data Protector & v24 Ransomware Protection

=======================================

When I read powershell.exe & IDP, I think about here and here

====================================================

Did you try temporarily disabling Behavior Protection…as test?
Settings → Antivirus → Real-Time Protection → Behavioral Protection

Thanks for getting back BJM.

FYI, I’m using Visual Studio Code, not Visual Studio - in case that matters.

I didn’t disable behaviour protection as I assumed that would then let potential malware remain active.

Thanks for the links and advice though; I’ll check through everything shortly.

Caveat: I’m not familiar with Visual Studio Code nor Visual Studio

Your work project/product has malware?
Are you writing/coding malware?

Did you try temporarily disabling Behavior Protection…as test?
Settings → Antivirus → Real-Time Protection → Behavioral Protection

See details ?

==================================

Issue:
Detailed description:
Product & version number:
OS details:
Error message:
Supporting screenshots: Show details

Note: Do not post Personally Identifiable Information like email address, personal phone number, physical home address, product key etc.

Hi, all, having the same issue using the software Play Your Damn Turn. Same file pops up with Norton’s Behavior features. I have not disabled the Behavioral feature as I have too much sensitive data on my laptop.

Tried uploading images, and your forum would not let me.

Same file name, same notification that it is piggybacking off of powershell.exe.

Any help is appreciated.

Please try uploading image to https://postimages.org/
Please try copying the Direct link: and pasting it (with space characters to break the link) into your message.

for example:

https: //i. postimg. cc/FRDnZ2Zr/png-20065. png


or try Preformatted text </> to break link
https://i.postimg.cc/FRDnZ2Zr/png-20065.png


I submitted a new topic, with all the images - once approved, it will appear in the forums, thank you.

All: Has anyone considered changing from x86 to x64 under the “Solution Platforms” and retest? Just a passing thought although I am not a programmer.

SA