Suspicious Script Detected Windows 10

Our webroot Secure Anywhere on an HP laptop running Windows 10 22H2 displays a warning message either upon restart or sometimes during normal operation of the laptop. Running a scan turns the icon Green. Here is the information as listed in the scan log. Does anyone have more information about this suspicious script detection and what should be the remediation I should perform to remove this from the laptop? 


Suspicious script detected (rt): script file name: <unknown>, c-ref: 1817920AF7D9B8AF25E060E7862F5AFBAA014891701AE63D7D567A27E0E2D7AE, h-ref: 126, h-enabled: yes, h-type: PS/IEXObfuscated.E, h-id: 58c1d409-8750-4bee-96e9-6b4a8ac63c76, s-consulted: yes, s-advice: 3(0)
Wed 2023-05-24 16:21:38.0373    File blocked in realtime: C:\windows\sysnative\WindowsPowerShell\v1.0\powershell.exe [UniqueID: 00000000, MD5: (null), Size: 0 bytes] 


Best answer by TylerM 25 May 2023, 20:08

View original

2 replies

Userlevel 7
Badge +25

Hi @PantherPC 


I would contact support so they can assist. Powershell is built into windows and legitimate, but malware authors will abuse it for malicious behavior. It’s best to have an agent look at logs from your system. 


Webroot Support:

Submit a ticket

Call 1-866-612-4227

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.

Thank you. I submitted a support ticket. Let’s see what support finds as the problem and offers as a solution. I will re-post the solution once it is received and confirmed to resolve the issue.