This script contains malicious content and has been blocked by your antivirus software.

[error0x1337]

Hello again. service cant run at startup bro. av is blocking it. At line:1 char:1

• "function Local:nMjwMwQTSHUt{Param([OutputType([Type])][Parameter(Pos ...

• 
  This script contains malicious content and has been blocked by your antivirus software.
  + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
  + FullyQualifiedErrorId : ScriptContainedMaliciousContent

Any suggestions?

[error0x1337]

I think its not working properly after reboot. i manually ran service64.exe and it only hide explorer.exe but everything is visible everywhere. like services task schedulers and regedit names

[error0x1337]

Oh. mb i run it with uac and it worked. srsry. (but startup pw command is still detected. by wd)

[venkovisual]

its not fud dumbass its malware

[error0x1337]

its not fud dumbass its malware

im not saying its fud u brain fucked

[error0x1337]

THATS WHY U A BRAINFUCKED <3 bro made a rootkit removal

[bytecode77]

Not sure whether Windows Defender starts detecting r77 again after it didn't detect it for the past 6 months.

Either way, open source solutions will never be FUD. And I can't help you either, because I can't be fixing detection issues all day long. All I can do is to implement the installation process in such a way that it's entirely fileless and easy to FUD it yourself, if you need to.

[error0x1337]

@bytecode77 and can you tell me why testconsole throws this error ?

[venkovisual]

basically u fucked up code and u need to fix it

[error0x1337]

basically u fucked up code and u need to fix it

i didnt do anything lol

[bytecode77]

Guys... Please stop fighting. Let's be constructive:

@error0x1337 I can't say anything about the error message, because I didn't encounter it. If I did, it would have been fixed long ago...

And from experience I can tell that you made no attempt to debug it. The professional way to handle it is to debug the issue before posting. That way, you may even be able to fix it immediately yourself. The "premium behavior" in the open source world would be to post the issue and cause so that I can fix it for future users.

Anyway, please debug the issue, otherwise this is just one of a dozen posts / emails I receive throughout the week. I simply can't respond to 100% of them.

[venkovisual]

Okay, AMSI has been updated on Defender 11 not sure about 10 but im sure it will be coming soon enough so the reason it's detected is because the AMSI Module has been updated meaning AMSI Bypass is most likely broken and/or getting detected

[bytecode77]

Yes, of course any bypass will eventually be broken. From time to time I look into the reasons why a bypass no longer works. Although I don't bother with signature based detection on the Powershell snippet, I do implement fundamental evasion techniques, such as the polymorphism on the Powershell, which kept Windows Defender away for a whopping year...