I wrote this article to help you remove Poweliks. This Poweliks removal guide works for all Windows versions.

Poweliks is a newly-developed Trojan horse which needs no permission to infiltrate your PC. The malicious threat (also known as Win32/Poweliks, or Trojan.Poweliks) usually enters your operating system silently, using corrupted spam email attachments, the Microsoft Office exploit (CVE-2012-0158), software bundles, or various other security backdoors. Nevertheless, the most important fact about Poweliks is that the clandestine Trojan does not create any files on your virtual machine, which makes its detection very difficult.

Usually, the Poweliks malware is distributed by a phishing email which is supposedly sent by Canada Post or USPS mail. The email users receive states that the post service failed to deliver some item and now provides tracking information in the attached file. In case you are not waiting for any parcel to be delivered, you should not open such fake emails and erase them right away from. Otherwise, your system will be infected by malware.

Be aware, that such type of deception is widely used, thus you must be very attentive with any suspicious emails and offers that you receive. Also, it is very important to protect your virtual machine against malware and spyware, otherwise, you are very likely to experience security-related problems.

Poweliks resides the Windows registry only, which is a new method for malware distribution because the initial files hold all code, encrypted and hidden, which is necessary to compromise the whole system. The attackers have exploited the vulnerability CVE-2012-0158 in Microsoft Work. What Poweliks actually does is creating a startup registry which executes the legitimate rundll32.exe. In case the virtual machine does not have the PowerShell or .NET framework, it downloads it from the official Microsoft website.

After that, the infection decrypts a PowerShell script from the encrypted JavaScript. As soon as the malicious operations are performed, a binary program is executed. As a result, the program connects to certain remote locations to receive the commands of the attackers. Due to the fact that all the actions performed are stored in the registry, no files on the PC are created.

Regarding the autostart registry, the character which stands for the key’s name is not an ASCII character, so Regedit is not able to read it. For that reason, the user cannot open the key.
To catch the infection, AV solutions should detect the initial Word document before its execution and before it reaches the victim. Another solution is detecting the software exploit after the file’s execution.

In order to avoid such security issues, you have to make sure that your operating system is well-protected against malware. However, you cannot just uninstall Poweliks from the system, because it is a dangerous application. As there is no guarantee whether your PC would get infected or not, you have to install a reputable anti-malware program. In your case, you should certainly have a Poweliks removal tool which will erase the Poweliks malware from your virtual machine.

Poweliks Uninstall

Run the Task Manager by right clicking on the Taskbar and choosing Start Task Manager.

Look carefully at the file names and descriptions of the running processes. If you find any suspicious one, search on Google for its name, or contact me directly to identify it. If you find a malware process, right-click on it and choose End task.