Jump to content

C:\Windows\SysWOW64\cmd.exe wifi virus


Recommended Posts

I seem to be inflicted with a virus tied to my wifi and internet. Really slows down my laptop. I thought I had a hacker but I get pop-ups of this when accessing my router and my dumbass even clicked on it because I thought it was for the router "do you want to make changes yada yada. C:\Windows\SysWOW64\cmd.exe/c netsh interface set interface "wi-fi" disabled. "C:\Windows\SysWOW64\cmd.exe"/k sc startNETGEAR Genie daemon. A couple other variations. My router map did show others getting on my wi-fi and I recorded the MAC addresses but now I'm not so sure what was going on as I thought I identified my laptop but today found a different MAC address??? Is this a known virus?

Link to post
Share on other sites

18 hours ago, macmcgovern said:

I seem to be inflicted with a virus tied to my wifi and internet. Really slows down my laptop. I thought I had a hacker but I get pop-ups of this when accessing my router and my dumbass even clicked on it because I thought it was for the router "do you want to make changes yada yada. C:\Windows\SysWOW64\cmd.exe/c netsh interface set interface "wi-fi" disabled. "C:\Windows\SysWOW64\cmd.exe"/k sc startNETGEAR Genie daemon. A couple other variations. My router map did show others getting on my wi-fi and I recorded the MAC addresses but now I'm not so sure what was going on as I thought I identified my laptop but today found a different MAC address??? Is this a known virus?

 

Addition.txt FRST.txt Advanced report scan 5-6-19.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
ShopAtHome.com BrowserAppCore Service Chrome (HKLM-x32\...\ShopAtHome.com BrowserAppCore Service Chrome) (Version:  - ShopAtHome.com) <==== ATTENTION
<<<>>>

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
Read about the Netgear Genie
https://play.google.com/store/apps/details?id=com.dragonflow&hl=en

fixlist.txt

Link to post
Share on other sites

On 5/6/2019 at 11:08 PM, macmcgovern said:

I seem to be inflicted with a virus tied to my wifi and internet. Really slows down my laptop. I thought I had a hacker but I get pop-ups of this when accessing my router and my dumbass even clicked on it because I thought it was for the router "do you want to make changes yada yada. C:\Windows\SysWOW64\cmd.exe/c netsh interface set interface "wi-fi" disabled. "C:\Windows\SysWOW64\cmd.exe"/k sc startNETGEAR Genie daemon. A couple other variations. My router map did show others getting on my wi-fi and I recorded the MAC addresses but now I'm not so sure what was going on as I thought I identified my laptop but today found a different MAC address??? Is this a known virus?

 

Link to post
Share on other sites

Yes it appears so. Speed has returned. No pop-ups. Thank you very much

I do have a question. When all this was going on I had identified most of the MAC addresses that were shown on the router genie map. I had mis identified one address as my laptop while hardwired to the router. Does a laptop have more than one mac address? I found my address for Wifi which I precviously thought was a hacker but have not found the address that I had thought was me. 

Link to post
Share on other sites

Well pop-ups and slow speed today. Pop-ups not as bad but, I said no a few times and they stopped. I have one device that I thought was my firestick but didn't know how to check the mAC address. I had it blocked in order to get more speed. I just found it unblocked and details showed it as a windows PC. I also found that I had forgotten to log out of the router. I changed the log-in password and when everything came back(I didn't have to log in with anything)it was back to "Amazon" and blocked as before.

Screenshot (36).png

Link to post
Share on other sites

Hi,

Lets reset your IP settings.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

--RogueKiller--

  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.


=======

Please post the logs and let me know what problem persists.

Link to post
Share on other sites

I've managed to screw this up. I think I have too many versions of FRST on my machine(some back to 2014). I keep trying to pick the right one and have the fixlist with it in the same file but it tells me that it isn't. I want to delete them all and start fresh but not without your say so.

Link to post
Share on other sites

Hi,

When you execute the program if a new version is available it will be downloaded.

You can delete all the old versions by looking at the date the program was installed.

p.s.

Your last FRST log shows this on the first line.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05.2019

This mean that the version your used is date the 6 of May this year.

 

Link to post
Share on other sites

The dates shown as far as the file shows have been updating. I take than when I open the program that there will be a version I can check? But, when I open the program it tells me that it is updating. When ready I hit fix. A dialogue box informs me that the fixlog cannot be found . This evening I will try to find the may6 version and delete everything else

Link to post
Share on other sites

Every time you run the program it will update automatically.

If you execute the Farbar program to execute a fix check in the upper left corner it there is an update going one.

If so let if finish. The Farbar program will re open when completed and then you can select the fix button.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.