Showing results for tags 'cmd.exe misused'.

Found 1 result

  1. Hi, my laptop has been infected through Skype. I sought help at BLEEPINGCOMPUTER.COM and I was helped, yet he could not solve the issue fully. For a detailed overview of what my issue is and what had happened after that, please take a look at (many thanks for your patience):

     http://www.bleepingcomputer.com/forums/t/630794/got-infected-through-skype/
     http://www.bleepingcomputer.com/forums/t/631260/logs-got-infected-through-skype/

     Since the topics had been locked, and the person who was helping me was out of options (which he conveyed directly), I tried to investigate further as to what type of infection it could be. I installed System Explorer from systemexplorer.net. From that, I found out that whenever Google Chrome starts, 2 cmd.exe processes load into memory - one piggybacked onto my AV's browser extension for Chrome, "360 Internet Protection", and the other cmd loads through "LastPass for Chrome". If I disable these 2 extensions, the cmd processes stop running, and if I enable these 2 extensions, the 2 cmd processes start running.

     One of them has the following parameter:

     C:\Windows\system32\DllHost.exe /Processid:{53362C64-A296-4F2D-A2F8-FD984D08340B}

     The other has this parameter:

     C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\LastPass\nplastpass.exe" --parent-window=0 chrome-extension://hdokiejnpimakedhajhdlcegeplioahd/ < \\.\pipe\chrome.nativeMessaging.in.c399b4121a0bed8f > \\.\pipe\chrome.nativeMessaging.out.c399b4121a0bed8f

     where the random string of characters varies from one browsing session to another. So my hunch is that the hacker is trying to record my online activity using the trusted file - cmd.exe. The module details of the 2nd cmd process are attached as a screenshot.

     I tried to clean the infection by installing Immunet 5, but it did not detect it either. I ran SFC to know if the infection has corrupted any system files. It returned that some files had been corrupted but were successfully repaired.

     I am even ready to re-install Windows, PROVIDED the malware WON'T re-infect the new Windows installation. What should I do now? Or should I try to scan my laptop using any AV's recovery disc USB? Or use ComboFix under guidance? Somebody please help me. :'( Please find attached the FRST.TXT and ADDITION.TXT.