CMD problem & slow loading


Kazsuki
Solved by nasdaq

I've used Malwarebytes for a while now and scan regularly as a free user. Recently I've discovered that I'm having problems with CMD: the moment I open it, it will instantly close, no matter what I do. I feel malware has modified it, and although the malware was cleaned, the modification remained.

I've discovered the problem is with the autorun in: Computer\HKEY_CURRENT_USER\Software\Microsoft\Command Processor

It contains 2 files: (Default) and Autorun

Autorun contains this text when modifying: @mode 20,5 & tasklist /FI "IMAGENAME eq FirewallModule.exe" 2>NUL | find /I /N "FirewallModule.exe">NUL && exit & if exist "C:\Users\moham\AppData\Roaming\Microsoft\FirewallModule\FirewallModule.exe" ( start /MIN "" "C:\Users\moham\AppData\Roaming\Microsoft\FirewallModule\FirewallModule.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit )

I've noticed deleting this autorun fixes the issue and CMD works like normal, but then I'll have to manually launch explorer each time I restart the PC, as Windows would not run it automatically.

I would like advice on how I can correctly fix it.

I've attached files below.

Addition.txt FRST.txt Threat Scan.txt


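Added example, not part of the original posts and not code from Malwarebytes or FRST: cmd.exe runs the AutoRun value under Command Processor every time it starts, so this sketch splits the value quoted above into its individual commands and reports what they do. The function names and the user-writable path heuristic are assumptions made for this illustration; read_autorun_values works on Windows only.

```python
import re

# AutoRun value exactly as quoted in the post above.
SAMPLE_AUTORUN = r'''@mode 20,5 & tasklist /FI "IMAGENAME eq FirewallModule.exe" 2>NUL | find /I /N "FirewallModule.exe">NUL && exit & if exist "C:\Users\moham\AppData\Roaming\Microsoft\FirewallModule\FirewallModule.exe" ( start /MIN "" "C:\Users\moham\AppData\Roaming\Microsoft\FirewallModule\FirewallModule.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit )'''
KEY_PATH = r"Software\Microsoft\Command Processor"
# Assumed heuristic: locations a standard user can write to.
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata)\\", re.I)

def split_commands(line):
    """Split a cmd.exe line on unquoted &, |, ( and ) into single commands."""
    parts, buf, quoted = [], [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if not quoted and ch in "&|()":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    cleaned = (p.strip().lstrip("@").strip() for p in parts)
    return [p for p in cleaned if p]

def analyze_autorun(value):
    """Summarise what an AutoRun command line does each time cmd.exe starts."""
    found = {"exits_shell": False, "resizes_console": False,
             "launches": [], "user_writable": []}
    for cmd in split_commands(value):
        words = cmd.split()
        verb = words[0].lower().strip('"')
        if verb == "exit":            # closes every interactive prompt
            found["exits_shell"] = True
        elif verb == "mode":          # changes the console window size
            found["resizes_console"] = True
        elif verb == "start" or verb.endswith(".exe"):
            for target in re.findall(r'"([^"]*)"', cmd) + words:
                if target.lower().endswith(".exe") and target not in found["launches"]:
                    found["launches"].append(target)
                    if USER_WRITABLE.search(target):
                        found["user_writable"].append(target)
    return found

def read_autorun_values():
    """Windows only: return the AutoRun value from HKCU and HKLM, where set."""
    import winreg
    values = {}
    for name, hive in (("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            with winreg.OpenKey(hive, KEY_PATH) as key:
                values[name] = winreg.QueryValueEx(key, "AutoRun")[0]
        except OSError:               # key or value not present
            pass
    return values

if __name__ == "__main__":
    print(analyze_autorun(SAMPLE_AUTORUN))
```

For the quoted value, the report shows an unconditional exit, a console resize, and a launch of an executable from the user's AppData folder ahead of explorer.exe.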
  • Solution

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Enable Windows Defender.
How To:
https://docs.microsoft.com/en-us/mem/intune/user-help/turn-on-defender-windows
<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Thank you so much Nasdaq. I found out I had to remove a registry file, as that was disabling Windows Defender for some reason (using YouTube). Once deleted, I restarted Defender and it started working like normal. After this I followed the guide you linked (though I was having problems finding group policy and could not do the initial step). But I activated cloud policy + realtime as it mentioned to do later on.

After that I used the fixlist, CMD is working and does not instantly close anymore. I've uploaded a fixlog below. Is there anything else I'll be needing to do? :)

Fixlog.txt


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

This topic is now closed to further replies.