Windows 7 Forums


Windows 7: Windows Command Processor notification - Please help!

16 Oct 2011   #21
Tedri Mark

Win 7 Home 64 bit
 
 

Also, previously I had tried to log into my Lloyds TSB internet banking, and after entering the correct login, password, and the requested letter from my memorable information, I was taken to a legit-looking screen which asked for my password again and the whole of my memorable info (something which Lloyds and I think pretty much all banks state that they will never do...)

Now I seem to be able to log in fine...


16 Oct 2011   #22
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

Quote: Originally Posted by Tedri Mark
Also, previously I had tried to log into my Lloyds TSB internet banking, and after entering the correct login, password, and the requested letter from my memorable information, I was taken to a legit-looking screen which asked for my password again and the whole of my memorable info (something which Lloyds and I think pretty much all banks state that they will never do...)

Now I seem to be able to log in fine...
Thanks for letting us know the status.

Since some malware will also go to sleep or run only every n starts, I strongly recommend running the Microsoft Standalone System Sweeper as mentioned in a previous post.

Karl
16 Oct 2011   #23
Tedri Mark

Win 7 Home 64 bit
 
 

Okay, it's back - It re-appeared once I opened a Photoshop file which I was sent from a guy I'm supposed to be doing some freelance work for..

Not sure if it is definitely due to that file, and I highly doubt that he has put it in there himself maliciously (Although it would be a good way of spreading the file, he only sent me the zip file after accepting me for the project (You can only accept one person), rather than attaching the zip to the project proposal, which would have potentially been opened by a lot more people..

But sure enough "mieehyvoumnpwgcq" has re-appeared in my local/temp folder and another udgjfawi entries are in my startup list in msconfig...

And sure enough, once again trying to log into Lloyds takes me to: https://secure2.lloydstsb.co.uk/pers...nformation.jsp

Schneeeaaky!

Before I successfully deleted it, it would prompt the install every time, which was at least 5 reboots..

16 Oct 2011   #24
Tedri Mark

Win 7 Home 64 bit
 
 

Oh it also seems to cause Skype to crash, and stops me sending mail via Thunderbird...

I had wondered if the Thunderbird mail thing was related, and it seems so, as it was not working yesterday, and then started working again after I fixed the problem, and now isn't working again... Going to email Lloyds from another computer...
16 Oct 2011   #25
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

We have a tutorial on running Microsoft Standalone System Sweeper.

Run that and attach the logs mentioned in the procedure I give you to your next post.

Be forewarned, this is a very thorough and excellent program and will take several hours.

ESET is a decent AV program. Keep your AV software current.

Never open a file or attachment before you open the file or attachment.

What browser are you using?

The important reply from you is the one where you attach the logs from running the Microsoft Standalone System Sweeper.
16 Oct 2011   #26
Tedri Mark

Win 7 Home 64 bit
 
 

Okay, so I just went to open an attachment sent to me by a guy I'm doing some freelance work for, and hey presto, it cropped up again.. Not sure if it is the attachment itself (a Photoshop file) or something now embedded in Photoshop (as clicking on the file automatically opened Photoshop..)

I can confirm that it re-introduced the re-direct in Lloyds log in.. And also, the 2 startup processes are called UdgJfawi and udgjfawi in HKCU/Software/Microsoft/Windows/CurrentVersion/Run and C:/Users/MYUSERNAME/Roaming/Microsoft/Windows/Start Menu/Programs respectively..

EDIT: Sorry I thought the post before this one hadn't posted - I'll leave this here as it has a bit of extra info..

Just opened Photoshop on its own after once more going through the previous procedure to remove the problem and sure enough, the update request starts up again..

EDIT 2: I'm using Firefox, I'm going to do my quick fix for the time being, and not use Photoshop, and then run the system sweeper overnight. Logs to follow...
16 Oct 2011   #27
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

Quote:
We have a tutorial on running Microsoft Standalone System Sweeper.

Run that and attach the logs mentioned in the procedure I give you to your next post.

Be forewarned, this is a very thorough and excellent program and will take several hours.

ESET is a decent AV program. Keep your AV software current.

Never open a file or attachment before you open the file or attachment.

What browser are you using?

The important reply from you is the one where you attach the logs from running the Microsoft Standalone System Sweeper.
In case you missed my last post.
17 Oct 2011   #28
Strange

Windows 7 Home Premium x64
 
 

Hiya,

Just dropping by, I think I had the same virus/trojan/whatever as the OP.

I can't now recall what the malicious files were named, but they seemed randomly generated, e.g. gfdilfgd.exe (not the actual name, but used for demonstration).

I tried and ran several anti-virus and malware removal programs, but none of them detected what was causing the problem. I couldn't get Microsoft Standalone System Sweeper to install on my USB stick, so I didn't use it.

But I think I got it solved and the files removed in the following way:

I examined the filepath that was causing the Command Process notification to display (it shows the filepath in the notification and you can force the notification to stay in the background by pressing ESC in the notification screen and quickly opening for example Windows Explorer). I also used Autoruns (Autoruns for Windows) to find out what program was run at logon to cause the malicious software to run, similarly there were entries such as gfdilfgd.exe.

Comparing information from these I found out that they were pointing at C:\Users\(Your Username)\AppData\ , which is a hidden folder and you have to enable seeing hidden files in Folder Options in the Control Panel. Specifically the malicious files were in the folders Local, Roaming and \Roaming\Temp. The files had randomly generated, but rather short names such as "sadfispodcixg" or "gsdgsodpgsd.exe" so they were easy to spot. I also checked the file creation times to find out that the suspicious files were created close to the same time, which helped to spot the malicious files in different folders. There were different types of files, some folders, .exes in the folders and .txt documents or logs that seemed to be generated by the malicious software, because more of them were appearing at time intervals.

To remove the files by hand, I booted Windows into Safe Mode. I started by running Autoruns and removing the malicious entries (there were 2 of them) from the logon tab so they wouldn't run on startup. Then I went on removing all suspicious files from the previously mentioned folders and double checking that I didn't leave anything that could be part of the malicious program.

Booted back into Windows 7 and the notification isn't appearing anymore and I can't see any traces of the malicious software.
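The cross-check described in post #28 (logon entries that launch from AppData, then other AppData files created around the same time), as an added example that is not part of any post in this thread. The user name, file names, timestamps and the 10-minute window are constructed for illustration; the script only reports and deletes nothing.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample data (hypothetical user "alice", made-up file names).
SAMPLE_AUTORUNS = {
    "gfdilfgd": r'"C:\Users\alice\AppData\Roaming\gfdilfgd.exe"',
    "Skype": r'"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized',
}
SAMPLE_FILES = {
    r"C:\Users\alice\AppData\Roaming\gfdilfgd.exe": datetime(2011, 10, 15, 21, 4, 10),
    r"C:\Users\alice\AppData\Local\Temp\sadfispodcixg": datetime(2011, 10, 15, 21, 4, 12),
    r"C:\Users\alice\AppData\Local\gsdgsodpgsd.exe": datetime(2011, 10, 15, 21, 6, 0),
    r"C:\Users\alice\AppData\Roaming\Thunderbird\profiles.ini": datetime(2011, 3, 2, 9, 30, 0),
}

def exe_path(command):
    """Extract the program path from an autorun command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command

def in_appdata(path):
    """True if the path has an AppData component (case-insensitive, as on Windows)."""
    return "appdata" in (part.lower() for part in PureWindowsPath(path).parts)

def triage(autoruns, files, window=timedelta(minutes=10)):
    """Return (autorun entries launching from AppData, AppData files created near them)."""
    created = {p.lower(): t for p, t in files.items()}
    # Step 1: logon entries whose program lives inside the AppData tree.
    seeds = {name: exe_path(cmd) for name, cmd in autoruns.items()
             if in_appdata(exe_path(cmd))}
    seed_paths = {p.lower() for p in seeds.values()}
    seed_times = [created[p] for p in seed_paths if p in created]
    # Step 2: other AppData files created within `window` of any seed file.
    related = sorted(
        p for p, t in files.items()
        if p.lower() not in seed_paths and in_appdata(p)
        and any(abs(t - s) <= window for s in seed_times)
    )
    return seeds, related

if __name__ == "__main__":
    seeds, related = triage(SAMPLE_AUTORUNS, SAMPLE_FILES)
    print(seeds)
    print(related)
```
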
17 Oct 2011   #29
curtiswardwell

 

Just a suggestion. Sometimes when I have not been able to remove a suspicious file and the A.V. does not catch it or Malwarebytes, I go to search and run regedit, I then type the name of the program "windows command processor" and wait for the file to be found. I then start deleting one file at a time by hitting F3. I do not know how much easier to explain this. Just remember playing the Windows Registry is very tricky and if you delete the wrong file or item it could crash your computer. If you decide to use regedit after removing all the file contents. Run Malwarebytes and download CCleaner or Glary Utilities to clean and repair the registry. Again, someone else may have better advice or explain what I am trying to convey in a better way.

Still Learning, Learning Still

Curtis
05 Nov 2011   #30
ganesan

Windows 7 64 bit
 
 

1. Uninstall any virus software like McAfee
2. Download trial version of Kaspersky
3. Do full scan
4. Then reinstall virus software either McAfee or Kaspersky. I continued with Kaspersky.

Problem is solved for me..I hope it is a virus associated.

Ganesan P