Published Feb 01, 2018 | Updated Feb 08, 2018

Trojan:PowerShell/Wannamine

Severe |Detected with Windows Defender Antivirus

Aliases: No associated aliases

Summary

Windows Defender Antivirus detects and removes this threat.

This threat is a fileless malware attack which can perform a number of actions of a malicious hacker's choice on your PC.

Find out ways that malware can get on your PC

You should: 

  • Patch EternalBlue (CVE-2017-0144) to prevent the malware from spreading.
  • Check task scheduler for all automated tasks
  • Disable VBScript to disable persistence. The program uses WScript.Shell com objects to maintain persistence.
  • Run a full scan. A full scan might find hidden malware.

Use the following free Microsoft software to detect and remove this threat:

Use cloud protection

Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender Antivirus for Windows 10. 

Go to Settings > Update & security > Windows Defender > Windows Defender Security Center > Virus & threat protection and make sure that your Cloud-based Protection settings is turned On.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

Follow us