1

Good day everyone!

I'm scanning all the local computers with Sophos anti-virus via Windows Server.

I can remotely remove most of the viruses or malware that Sophos detects on other PCs.

Sophos is also showing that there is a "Virus/spyware" called "C2/Generic-B" located at "C:\Windows\System32\windowspowershell\v1.0\powershell.exe" and I have to remove it manually.

How do I remove it? What is it? Should I remove it or just let it stay like that?

1 Answer

0

C2/Generic-B is a detection from Malicious Traffic Detection, and means the process is connecting to a Command and Control server for a bot-net. Given that it is PowerShell being detected as the executable, that suggests that it is a PowerShell script that is running and connecting to a C&C server. It suggests the machine is running a bot-net program of some kind.

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-B.aspx
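
A read-only triage example for the situation the answer describes, added here and not part of the original answer: it lists each running `powershell.exe`, the command line and parent that started it, and the remote endpoints it is connected to, then lists scheduled tasks that launch PowerShell. It assumes an elevated PowerShell 5.1 session on the flagged PC (Windows 8 / Server 2012 or later, for `Get-NetTCPConnection` and `Get-ScheduledTask`).

```powershell
# Added triage example (not from the original answer). Read-only: changes nothing.
# Run from an elevated PowerShell session on the PC that Sophos flagged.

# Every running PowerShell host, with the command line that started it.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe'"

$report = foreach ($p in $procs) {
    # The parent shows what launched it (scheduled task host, Office, a service, ...).
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"

    # TCP connections owned by this process, ignoring listeners and loopback.
    $conns = Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' }

    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Started     = $p.CreationDate
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'parent exited' }
        CommandLine = $p.CommandLine   # the script path or -EncodedCommand argument, if any
        Remote      = ($conns | ForEach-Object {
                          "$($_.RemoteAddress):$($_.RemotePort) [$($_.State)]"
                      }) -join '; '
    }
}

# Your own triage session appears in this list too; compare ProcessId with $PID.
$report | Format-List

# Scheduled tasks whose action starts PowerShell: a common way such a script
# is relaunched after reboot or logon.
Get-ScheduledTask |
    Where-Object { $_.Actions.Execute -match 'powershell' } |
    ForEach-Object {
        [pscustomobject]@{
            Task      = "$($_.TaskPath)$($_.TaskName)"
            State     = $_.State
            Execute   = ($_.Actions.Execute -join '; ')
            Arguments = ($_.Actions.Arguments -join '; ')
        }
    } | Format-List
```

The `CommandLine` and `Arguments` values identify the script that is actually making the connections, which is the item to investigate alongside the Sophos alert.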