Powershell malware & browser assistant "updater.exe" from "Realistic Media Inc."

16:36 yesterday I think my Son installed a trojan which uses powershell called "updater.exe" from "Realistic Media Inc" I need help to perform removal.



I had a strange dialog of Powershell on my screen for a second after booting and I had never seen that before.  I searched internet history and could see ravenfile dot com had been visited and Bullguard had allowed numerous .exe files to be downloaded and Powershell to be modified at this time.  My task manager also confirmed that Powershell was now active (wheras before it had not been).



Unfortunately Bullguard cannot detect anything wrong - even when I point it to the offending files.







I have tried to delete Windows Powershell 1.0 folder on C:\ but it won't let me even though I am admin.



I have stopped all powershell processing in task manager, I have disabled the "Windows Powershell 2.0" in the Windows Features dialog.



I have many screenshots from my investigations.



Why didn't Bullguard prevent this?



hanks in advance for any help you can be.  I think I need to do a lot more to clean my system of this issue.



Rob Doyle

Thank you for joining us Rob!

First, please allow me to advise that PowerShell is always there since it's part of the Windows Operating system. 

From what I can distinguish from your photos, your son tried to install Crossy Road and that just a game. The browser assistant you mention is likely installed as part of the installation process for the free game.

I understand that it can be scary to find your computer behaving strangley, but it's best to have a profesional look at your computer. Since you are a BullGuard customer, the right thing to do is contact us via our support channels, so we can troubleshoot the issues for you. 

I am very glad to hear the issue is solved! Malwarebytes scans for things most security programs do not and we have always recommended their product. If you decide to buy the product, plase make sure to add the Malwarebytes program in the exceptions of BullGuard and vice-versa, so that your computer does not become slow. Real time protection engines conflict with each-other if not properly excluded. Again here a BullGuard agent can help.