Jump to content

CMD pops up on every startup and every 3 hours, blocked outward connection


Axun23

Recommended Posts

Hi, I recently downloaded some harmful software and after using Malwarebytes I removed the majority of it.

I have already performed multiple Threat scans using Malware bytes, the first of them removing a large number of malware and other PUPs.

However, on startup I get the CMD prompt popping up saying that it's trying to download something similar to the image below.

5a566bf619e4d_cmdrun.jpg.801d864d85ac1c6d03dfbca59d7dbd80.jpgDownload.jpg.a7f3417fe15d99a9e721705438c20fc4.jpg

Every 3 hours I got the CMD popping up again.

Along with this, Malwarebytes consistently blocks (thankfully) an outward connection(using svchost.exe) as shown in the outward report log. I have attached the necessary text files.

I desperately need your help as I have tried almost everything and this is taking a toll on my mental health.

Thank you in advance, I have seen that you help other people with very similar/ almost identical issues even today.

Malwarebytes Scan.txt

Outer Block.txt

Link to post
Share on other sites

2 hours ago, Axun23 said:

Hi, I recently downloaded some harmful software and after using Malwarebytes I removed the majority of it.

I have already performed multiple Threat scans using Malware bytes, the first of them removing a large number of malware and other PUPs.

However, on startup I get the CMD prompt popping up saying that it's trying to download something similar to the image below.

5a566bf619e4d_cmdrun.jpg.801d864d85ac1c6d03dfbca59d7dbd80.jpgDownload.jpg.a7f3417fe15d99a9e721705438c20fc4.jpg

Every 3 hours I got the CMD popping up again.

Along with this, Malwarebytes consistently blocks (thankfully) an outward connection(using svchost.exe) as shown in the outward report log. I have attached the necessary text files.

I desperately need your help as I have tried almost everything and this is taking a toll on my mental health.

Thank you in advance, I have seen that you help other people with very similar/ almost identical issues even today.

Malwarebytes Scan.txt

Outer Block.txt

Hi Kevin,

Here are the logs.

Thank you for taking the time to help me.

 

Addition.txt

FRST.txt

Link to post
Share on other sites

Thanks for those logs Axun23, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:
    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply, also let me know if there are any remaining issues or concerns....

Thank you,

Kevin..

fixlist.txt

Link to post
Share on other sites

Dear Kevin,

First of all THANK YOU!

I have followed all of your instructions to the letter.

The command prompt is no longer appearing at boot.

Additionally, the PC boots way faster than before.

I have no words to thank you, so I will make a donation, you 'Forum Deity'. ;)

 

P.S.: Not even the IT services from the multi billion pound company where I work could solve my problem. So, because I felt like you needed further praise, this is it.

Logs are attached.

 

What do I do now with those programs?

 

Fixlog.txt

MalwareBytes Scan 10.01.2108.txt

AdwCleaner[C0] after reboot.txt

adjusted mrt.log

Link to post
Share on other sites

Hello Axun23,

Thank you for those kind words, much appreciated... If you have no more issues or concerns run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

Hi Kevin,

There is one thing that I noticed. Certain applications, i.e. games run at lower fps than before the fix (There same games that I tested ran at the normal, expected FPS during the period of the infection).

Should I reinstall my graphics driver?

Thank you

Link to post
Share on other sites

Hi Kevin, 

I've got some issues.

I have reinstalled my nvidia driver. Everything seemed to have gone well but when I tried opening one of those applications(games to test if the problem is fixed) they wouldn't even start up.

I checked display adapters to make sure the graphics card is there and it was.

I am so confused. I also tried updating the driver but it failed. And now I am once again uninstalling the driver and will be installing a newer version of the driver.

This is very annoying.

Link to post
Share on other sites

Let me know when the fresh driver is complete and if it makes any difference... If not try rolling back to previous driver, when that is done I want you to set up for a clean boot and try again...

Instructions at following link, any services related to your games will need leaving active...

https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

Link to post
Share on other sites

Hi Kevin,

Problems solved! Everything is truly back to normal now, Driver is installed well and everything is running as well as it did before all of this happened.

One thing I noticed: I had previously installed Bitdefender Total Security 2018. And now, before installing the driver I uninstalled Bitdefender. 

Doing this has MASSIVELY reduced my boot time and has facilitated a correct install of my driver I am pretty sure.

Sorry for bothering you with this whole driver issue.

Cheers!

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.