Hello to all, 

I encountered a problem a couple of weeks ago since I realized I couldn't open cmd.exe (once I open it, it automatically closes). I ran a Malwarebytes scan and found a malware marked as Hijack.AutoRun, in a registry value of the Command Processor.

Specifically:

Hijack.AutoRun, HKU\S-1-5-21-2923880554-3555040517-45539607-1001\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AUTORUN, No Action By User, [14778], [245417],1.0.3222

So, naturally, I removed the malware and after I restarted my PC, the only thing that showed up was a plain cmd.exe window without any background and icons in Windows. The only way to get it back is to manually start explorer.exe.
I'm not sure what to do next. I just don't have the time at the moment to reinstall Windows 10, but I want this problem resolved as quickly as possible because it's just bothering me. If you guys have a solution for this problem, that would be perfect. I read about this online and haven't found anything similar, so I had to create a new topic.

PS. I copied most of the things from another topic here which is closed, but it is completely the same problem as mine. I attached the logs right away. But I can't follow the next steps because I can't download the attached files anymore.

Thanks very much!

Addition.txt FRST.txt


Looks like I fixed it somehow, yet I don't know if it's a proper fix. Everywhere people were writing about changing HKEY_LOCAL_MACHINE in regedit, but there I had the right value, "explorer.exe". So I thought I'd try the same way in HKEY_CURRENT_USER: in HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon I changed the value there to explorer.exe and finally got it to work!

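The two registry locations in this thread (the Command Processor AutoRun value flagged by the scan, and the per-user Winlogon key edited in the post above) can be inspected without changing anything. The script below is an added example, not part of the original posts or of any tool's output; the Winlogon value name `Shell` and the REVIEW rule are assumptions of the example.

```powershell
# Added example: read-only audit of the two registry locations from this thread.
# Nothing is written. Run it as the affected user, because HKCU: is that
# user's hive (the scanner reported it as HKU\<SID>).
# Assumptions of this example: the Winlogon value name 'Shell', and the rule
# that any data other than the allowed default is marked REVIEW.
$locations = @(
    @{ Key = 'HKCU:\Software\Microsoft\Command Processor'; Value = 'AutoRun'; Allowed = $null }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Command Processor'; Value = 'AutoRun'; Allowed = $null }
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Value = 'Shell'; Allowed = 'explorer.exe' }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Value = 'Shell'; Allowed = 'explorer.exe' }
)

$report = foreach ($loc in $locations) {
    $name = $loc.Value
    # A missing key or a missing value both come back as $null here.
    $item = Get-ItemProperty -Path $loc.Key -Name $name -ErrorAction SilentlyContinue
    $data = if ($item) { [string]$item.$name } else { $null }

    $status = if ($null -eq $data) {
        'absent'      # value does not exist
    } elseif ($loc.Allowed -and $data.Trim() -eq $loc.Allowed) {
        'default'     # e.g. Shell = explorer.exe
    } else {
        'REVIEW'      # any AutoRun data, or a Shell other than explorer.exe
    }

    [pscustomobject]@{ Key = $loc.Key; Value = $name; Data = $data; Status = $status }
}

$report | Format-List
```

A REVIEW row is a prompt to look at the data, not a verdict, since some legitimate tools also set a Command Processor AutoRun value.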

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Good work, still some work to be done.

ATTENTION: System Restore is disabled
Turn System Restore ON for Drives in Windows 10 - Immediately.
https://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome

Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset and clean up" > "Restore settings to their original defaults"
 
Restart Chrome.
<<<>>>

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
