Threat Name Trojan:PowerShell/AmsiBypazz.D!MTB

SVETOSLAV SVETOSLAV 20 Reputation points
2025-11-30T14:03:56.29+00:00

Hello

I need help removing this virus.

Threat Name Trojan:PowerShell/AmsiBypazz.D!MTB

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

amsi:_\Device\HarddiskVolume5\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

FRST file log

https://onedrive.live.com/?authkey=%21AItSjS10kMUco%2DI&id=512721943D76E138%21118&cid=512721943D76E138

Microsoft Security | Microsoft Defender | Other

Answer accepted by question author
  1. _AW_ 64,056 Reputation points Volunteer Moderator
    2025-11-30T14:23:03.57+00:00
    • Download Fixlist.txt and save it in the folder where FRST64English.exe is located.
    • Close any apps with unsaved work.
    • Run FRST64English.exe and click "Fix".
    • The computer will reboot to complete the procedure.

    Please upload Fixlog.txt so I can check if any further action is needed.

    1 person found this answer helpful.

6 additional answers

  1. Q&A Assist
    2025-11-30T14:04:08.32+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To remove the Trojan:PowerShell/AmsiBypazz.D!MTB threat, you can follow these steps:

    1. Use Microsoft Defender Antivirus: Run a full scan using Microsoft Defender Antivirus, which is built into Windows 10 and 11. This tool can help detect and remove the Trojan.
    2. Use Microsoft Safety Scanner: If you want a second opinion, download and run the Microsoft Safety Scanner. This tool is designed to help remove malicious software from your computer. You can find it here.
    3. Remove Active Threats via PowerShell: You can also use the Remove-MpThreat cmdlet in PowerShell to remove active threats detected by Windows Defender. Open PowerShell as an administrator and run the following command:
         Remove-MpThreat
      
      This command will remove all active threats from your local computer.
    4. Manual Removal: If the threat is still present after using the above tools, you can manually navigate to the file locations mentioned in your question and delete the files. However, be cautious when deleting files manually to avoid removing important system files.
    5. Full System Scan: After removing the threat, it’s advisable to run a full system scan to ensure that no other threats are present.

    For more detailed instructions on using these tools, refer to the resources provided in the references section below.

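An added example, not part of any answer in this thread: a read-only look at what Defender recorded for this detection before running the removal and full-scan steps listed above, using the Defender module cmdlets `Get-MpThreat` and `Get-MpThreatDetection`. The `*AmsiBypazz*` filter is taken from the threat name in the question; run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only triage of the Defender detection before removal.
# Assumption: the name filter is derived from the threat name in the question.
$pattern = '*AmsiBypazz*'

# Threat records known to this machine, indexed by ThreatID (as a string key).
$threats = @{}
Get-MpThreat | Where-Object { $_.ThreatName -like $pattern } |
    ForEach-Object { $threats["$($_.ThreatID)"] = $_ }

if ($threats.Count -eq 0) {
    Write-Output "No threat matching $pattern is recorded by Defender."
    return
}

# Join each detection event to its threat record so that time, process,
# user and reported resources are visible in one place.
$report = Get-MpThreatDetection |
    Where-Object { $threats.ContainsKey("$($_.ThreatID)") } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        $d = $_
        $t = $threats["$($d.ThreatID)"]
        # Resources prefixed 'amsi:' (as in the question) were reported through
        # the AMSI scan interface; 'file:' entries name a file on disk.
        $nonAmsi = @($d.Resources | Where-Object { $_ -notlike 'amsi:*' })
        [pscustomobject]@{
            ThreatName = $t.ThreatName
            IsActive   = $t.IsActive
            DidExecute = $t.DidThreatExecute
            Detected   = $d.InitialDetectionTime
            Remediated = $d.RemediationTime
            ActionOK   = $d.ActionSuccess
            Process    = $d.ProcessName
            User       = $d.DomainUser
            AmsiOnly   = ($nonAmsi.Count -eq 0)
            Resources  = $d.Resources -join '; '
        }
    }

$report | Format-List

# Repeated detections at different times suggest something keeps relaunching
# the script (for example a scheduled task or startup entry).
"{0} detection event(s) recorded" -f @($report).Count

# Steps 3 and 5 of the answer, once the report has been reviewed:
# Remove-MpThreat
# Start-MpScan -ScanType FullScan
```

When `AmsiOnly` is true, the path in `Resources` names the host process that submitted the script content for scanning, not a dropped file.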

  2. SVETOSLAV SVETOSLAV 20 Reputation points
    2025-11-30T14:13:48.4766667+00:00

  3. SVETOSLAV SVETOSLAV 20 Reputation points
    2025-11-30T14:15:04.53+00:00

    Please file Fixlist txt.


  4. SVETOSLAV SVETOSLAV 20 Reputation points
    2025-11-30T21:12:14.1833333+00:00
