People seem to ask me this all the time.
They suspect a virus is present on their system, but are unable to articulate exactly why they feel this way. There are a few steps that any good tech would check right away.*
*This is bad troubleshooting form. You should actually formulate your steps from the reported problems, but as we all know, theory and practical application don't always line up!
Anyhow. The first things that I check in these scenarios are the running processes (who started them, and their ACTUAL on-disk path, not what the name suggests), network connections (inbound listeners as well as outbound sessions, tied back to the owning process), and, an oldie but goodie, the local hosts file (malware still uses it to sinkhole update and AV vendor domains).
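The three checks above, as an added example (this is not Poirot.ps1 itself, just one way to collect the same data into a single report). It assumes Windows PowerShell 5.1 on Windows 8/Server 2012 or later for `Get-NetTCPConnection`; the report path, the "suspicious path" heuristic and the list of sinkhole-worthy domains are assumptions for illustration:

```powershell
#Requires -RunAsAdministrator
# Added example, not the script the post describes. Gathers running processes
# (owner + real image path), network connections (in/outbound, with owning
# process) and non-comment hosts-file entries into one text report.
param(
    # Assumed default location; any writable path works.
    [string]$ReportPath = (Join-Path $env:TEMP ("triage-{0}-{1:yyyyMMdd-HHmmss}.txt" -f $env:COMPUTERNAME, (Get-Date)))
)

# 1. Processes: who started them and the ACTUAL on-disk path. CIM gives us
#    ExecutablePath and the GetOwner method; Get-Process alone hides both.
function Get-ProcessReport {
    Get-CimInstance Win32_Process | ForEach-Object {
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        $path  = $_.ExecutablePath
        # Authenticode status of the image on disk. Unsigned binaries living
        # outside Windows / Program Files are a heuristic flag, not proof.
        $sig = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-AuthenticodeSignature -FilePath $path).Status
        } else { 'NoFile' }
        [pscustomobject]@{
            PID         = $_.ProcessId
            PPID        = $_.ParentProcessId
            Name        = $_.Name
            Owner       = if ($owner.User) { "$($owner.Domain)\$($owner.User)" } else { '?' }
            Path        = $path
            Signature   = $sig
            Suspicious  = [bool]($path -and $path -notmatch '^[A-Z]:\\(Windows|Program Files( \(x86\))?)\\' -and $sig -ne 'Valid')
            CommandLine = $_.CommandLine
        }
    }
}

# 2. Network connections, inbound (Listen) and outbound (Established),
#    joined to the owning process so a bare PID becomes a name and a path.
function Get-ConnectionReport {
    $procs = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }
    Get-NetTCPConnection | ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            Proto   = 'TCP'
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            State   = $_.State
            PID     = $_.OwningProcess
            Process = $p.Name
            Path    = $p.ExecutablePath
        }
    }
    Get-NetUDPEndpoint | ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            Proto   = 'UDP'
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = '*'
            State   = 'Bound'
            PID     = $_.OwningProcess
            Process = $p.Name
            Path    = $p.ExecutablePath
        }
    }
}

# 3. hosts file: every non-comment entry is worth eyeballing; entries that
#    redirect update/AV vendor names are the classic tell. (Domain list assumed.)
function Get-HostsReport {
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hostsFile | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()        # drop comments, then whitespace
        if (-not $line) { return }
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { return }
        [pscustomobject]@{
            Address = $parts[0]
            Names   = ($parts[1..($parts.Count - 1)] -join ' ')
            Flag    = if ($line -match 'microsoft|windowsupdate|symantec|mcafee|kaspersky|avast|sophos|virustotal') { 'vendor/update domain redirected' } else { '' }
        }
    }
}

# Assemble the report; flagged processes sort to the top.
"=== Triage report for $env:COMPUTERNAME at $(Get-Date -Format o), run as $env:USERDOMAIN\$env:USERNAME ===" | Out-File -LiteralPath $ReportPath
"`n--- Processes (flagged first) ---" | Out-File -LiteralPath $ReportPath -Append
Get-ProcessReport | Sort-Object Suspicious -Descending | Format-Table -AutoSize | Out-String -Width 300 | Out-File -LiteralPath $ReportPath -Append
"`n--- Network connections ---" | Out-File -LiteralPath $ReportPath -Append
Get-ConnectionReport | Sort-Object State, Remote | Format-Table -AutoSize | Out-String -Width 300 | Out-File -LiteralPath $ReportPath -Append
"`n--- hosts file entries ---" | Out-File -LiteralPath $ReportPath -Append
Get-HostsReport | Format-Table -AutoSize | Out-String -Width 300 | Out-File -LiteralPath $ReportPath -Append
Write-Host "Report written to $ReportPath"
```

Run it from an elevated window (`.\Triage-Host.ps1 -ReportPath C:\temp\report.txt`); without elevation `GetOwner` fails for other users' processes and the Authenticode checks cannot read protected paths. On Windows 7 / Server 2008 R2 there is no `Get-NetTCPConnection`, so substitute `netstat -ano` and parse the PID column yourself. Two caveats worth keeping in mind: the "Suspicious" column is only a path-and-signature heuristic (plenty of legitimate software installs under `%AppData%`), and anything that lives in the kernel can hide from a process list taken on the live box, so treat a clean report as "nothing obvious", not "nothing there".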
Poirot.Ps1 is a script that will run on the target machine and gather all of these items into a nice report for you. It is currently working, but planned improvements include:
1. Filename randomizer
2. Automated run after boot+2 minute delay (Run by SYSTEM user)
3. Auto-compression and email of report
4. Auto self-elevation for UAC purposes
(must be run from an elevated PowerShell window!!!)