Jump to content

Command Prompt Keeps Popping Up


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hello,

Two days ago my computer was infected by some malicious malware. I ran malwarebyte, ESET scan, and some other antimalware programs. I was able to remove most of the malware, but I noticed that my command prompt opens and closes quickly every so often. I suspect that it has something to do with windows command processor because this program only appears on the start up manager of norton security, and does not appear on task manager. Furthermore, when I try to turn off the start up option for windows command processor, it keeps re-enabling itself. What do I do? 

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

Hello :welcome:

My name is Maurice. I will guide you,  Please always attach files / reports as we go along.

I need a fuller set of reports for review so that I can review & guide you.

Please download  Malwarebytes' MBST Support Tool

 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply , like displayed here.
  • To send  ( upload)   attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button.

_mb_attach.jpg

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

Thanks for the report file.  As I think I understood what you described at the start.  There is some kind of a "command window" that you see briefly at the time of Windows startup.  That is what you have some concern about.  And that you had had some kind of malware a couple of days ago.

I will be guiding you to scan, check for malware.

.

I see this pc has ESET Security.  A excellent security app.  Did you do a scan with ESET today ?

.

[ 1 ] 

As a next basic step, Please  set File Explorer to SHOW ALL folders, all files, including Hidden ones.  Use OPTION ONE or TWO of this article

 

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ 2 ]

There are a couple of hidden files under appdata/roaming, which will be removed.

There are 2 files flagged by Defender as threats that will be removed.

This script will also run the Windows System File Checker to check the system files.

There is  a suspicious Task for "Firefox Default Browser Agent DFF4CD17B6770B9A"  that will be removed.

The script Fixlist.txt  needs to be saved to the same folder that contains FRSTENGLISH.exe   /  it is on Downloads

 

Please save the (attached file named) FIXLIST.txt   to the   Downloads folder

Fixlist.txt

 

The custom script on this post is ONLY for this machine and NO other.   

  • Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

  • If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

 

The system will be rebooted after the script has run.

 

  • Start the Windows Explorer and then, to the   Downloads  folder.
  • RIGHT click on  FRSTENGLISH.exe   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run the tool. 
  • If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.

 

  • IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

  • on the FRST window:

Click the Fix button just once, and wait.

 

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. 

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

 

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

We will do more later.

You should take some time, to run a new scan with your ESET Security.   Let me know what that reports.

Edited by Maurice Naggar
corrected font issue
Link to post
Share on other sites

Thank you.   The run is good.  I do expect that you are not seeing a odd-command-window screen flash at windows startup.

Our program, Malwarebytes for Windows can detect and remove most malware with no further actions required for free.

Please download, install, update and do a Threat Scan with Malwarebytes and post back the log 

Then, locate the Scan run report; export out a copy; & then attach in with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Let me know how the situation is after that.    😃
 

Link to post
Share on other sites

I had seen the odd cmd window pop-up yesterday on start up but after restarting today it seems to not be appearing anymore.

The logs of the scan are:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/1/21
Scan Time: 12:54 PM
Log File: aaba18ce-da5a-11eb-a77d-1c1b0dce0b90.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1344
Update Package Version: 1.0.42516
License: Trial

-System Information-
OS: Windows 10 (Build 19042.1052)
CPU: x64
File System: NTFS
User: DESKTOP-CTOQCBU\Roberto

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 340617
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

I will only be able to see of the situation has been fixed later tonight, as soon as I've verified it I will reply here

Thank you again for all your help and patience.

Link to post
Share on other sites

  • Solution

The report above is perfect.  Kudos.

Next suggestion

Let me suggest you do one scan with Malwarebytes'  Adwcleaner to check for adwares.

First download & save it 

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then do a scan with Adwcleaner 

 

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

  • Thanks 1
Link to post
Share on other sites

I am glad to have worked with you.

We can proceed with cleanup of tools we used.

To remove the FRST tool & its work files, do this. Go to your Downloads folder. Do a RIGHT-click on FRSTENGLISH.exe & select RENAME & then change it to

UNINSTALL.exe

.
Then run that ( double click on it) to begin the cleanup process.

Delete mbst-grab-results.zip

Delete mb-support-1.8.4.896.exe   on Desktop

Adwcleaner you may keep & run on-demand as desired to check for adwares.

Any other download file I had you download, you may delete.

[ BEST PRACTICES ]

Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

 

 

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Best practices & malware prevention:

  • Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
  • First rule of internet safety: slow down & think before you "click".
  • Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).
  •  
  • Free games & free programs are like "candy". We do not accept them from "strangers".
  •  
  • Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
  • Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
  • Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
  • Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".
  •  
  • Use a Standard user account rather than an administrator-rights account when "surfing" the web.
  • See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
  • Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.
  •  
  • Do a Windows Update.
  •  
  • Make certain that Automatic Updates is enabled.
  • https://support.microsoft.com/en-us/help/12373/windows-update-faq
  •  
  • Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.
  •  
  • For other added tips, read "10 easy ways to prevent malware infection"

https://blog.malwarebytes.com/101/2016/08/10-easy-ways-to-prevent-malware-infection/

 

Stay safe.  I wish you all the best.

Maurice

  • Like 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • Like 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.