Noob needs help removing an autostart script

Hi everyone,

Can somebody please help?

I’m assuming this is some kind of malware. No idea how it got on my system. Bright VPN had no entry under add/remove programs. I had to manually search for and kill it’s executables. The Bright VPN background processes are no longer running in the background, but I’m assuming it’s trigger is still present on my system. MS Defender or MalwareBytes didn’t catch this unfortunately. Every time I restart my system, an Administrator Window of Powershell appears for a split second. A quick look in AutoRuns, shows it’s related to BrightVPN (see pic) but I cannot delete it. I am 100% clueless when it comes to using PowerShell.

Welcome to the forum. :wave:t3:

I highly recommend NOT to tinker around with PowerShell in such a case on a compromised system. Especially not when you are …

:bangbang: You cannot trust this system anymore. :bangbang: Even if you think you removed the malisious start command … you can’t be sure. :point_up_2:t3: :point_up_2:t3: :point_up_2:t3:

You may hurry to backup important data from the system in an isolated environment and then install it new from a guarantied virus free source.

Thank you, I know that’s probably the proper thing to do here, wiping the drive and reinstalling Windows. But I was really hoping to avoid that. For what it’s worth, I’ve run Malwarebytes, MS Defender, and 3 different Virus Scan programs, all show clean.


Maybe if you start your Windows in safe mode you might be able delete the record in regedit. If you are not familiar with PowerShell scripting, the registry is not the best place to start :wink: