

Windows 7: Windows Command Processor notification - Please help!


16 Oct 2011   #21

Win 7 Home 64 bit
 
 

Also, previously I had tried to log into my Lloyds TSB internet banking, and after entering the correct login, password, and the requested letter from my memorable information, I was taken to a legit-looking screen which asked for my password again and the whole of my memorable info (something which Lloyds and I think pretty much all banks state that they will never do...)

Now I seem to be able to log in fine...


16 Oct 2011   #22

MS Windows 7 Ultimate SP1 64-bit
 
 

Quote: Originally Posted by Tedri Mark
Also, previously I had tried to log into my Lloyds TSB internet banking, and after entering the correct login, password, and the requested letter from my memorable information, I was taken to a legit-looking screen which asked for my password again and the whole of my memorable info (something which Lloyds and I think pretty much all banks state that they will never do...)

Now I seem to be able to log in fine...
Thanks for letting us know the status.

Since some malware will also go to sleep or run only every n starts, I strongly recommend running the Microsoft Standalone System Sweeper as mentioned in a previous post.

Karl
16 Oct 2011   #23

Win 7 Home 64 bit
 
 

Okay, it's back - It re-appeared once I opened a Photoshop file which I was sent from a guy I'm supposed to be doing some freelance work for..

Not sure if it is definitely due to that file, and I highly doubt that he has put it in there himself maliciously (although it would be a good way of spreading the file, he only sent me the zip file after accepting me for the project (you can only accept one person), rather than attaching the zip to the project proposal, which would have potentially been opened by a lot more people)..

But sure enough "mieehyvoumnpwgcq" has re-appeared in my local/temp folder and another udgjfawi entries are in my startup list in msconfig...

And sure enough, once again trying to log into Lloyds takes me to: https://secure2.lloydstsb.co.uk/pers...nformation.jsp

Schneeeaaky!

Before I successfully deleted it, it would prompt the install every time, which was at least 5 reboots..


16 Oct 2011   #24

Win 7 Home 64 bit
 
 

Oh it also seems to cause Skype to crash, and stops me sending mail via Thunderbird...

I had wondered if the Thunderbird mail thing was related, and it seems so, as it was not working yesterday, and then started working again after I fixed the problem, and now isn't working again... Going to email Lloyds from another computer...
16 Oct 2011   #25

MS Windows 7 Ultimate SP1 64-bit
 
 

We have a tutorial on running Microsoft Standalone System Sweeper.

Run that and attach the logs mentioned in the procedure I give you to your next post.

Be forewarned, this is a very thorough and excellent program and will take several hours.

ESET is a decent AV program. Keep your AV software current.

Never open a file or attachment before you open the file or attachment.

What browser are you using?

The important reply from you is the one where you attach the logs from running the Microsoft Standalone System Sweeper.
16 Oct 2011   #26

Win 7 Home 64 bit
 
 

Okay, so I just went to open an attachment sent to me by a guy I'm doing some freelance work for, and hey presto, it cropped up again.. Not sure if it is the attachment itself (a Photoshop file) or something now embedded in Photoshop (as clicking on the file automatically opened Photoshop..)

I can confirm that it re-introduced the re-direct in Lloyds log in.. And also, the 2 startup processes are called UdgJfawi and udgjfawi in HKCU/Software/Microsoft/Windows/CurrentVersion/Run and C:/Users/MYUSERNAME/Roaming/Microsoft/Windows/Start Menu/Programs respectively..

EDIT: Sorry I thought the post before this one hadn't posted - I'll leave this here as it has a bit of extra info..

Just opened Photoshop on its own after once more going through the previous procedure to remove the problem and sure enough, the update request starts up again..

EDIT 2: I'm using Firefox, I'm going to do my quick fix for the time being, and not use Photoshop, and then run the system sweeper overnight. Logs to follow...
16 Oct 2011   #27

MS Windows 7 Ultimate SP1 64-bit
 
 

Quote:
We have a tutorial on running Microsoft Standalone System Sweeper.

Run that and attach the logs mentioned in the procedure I give you to your next post.

Be forewarned, this is a very thorough and excellent program and will take several hours.

ESET is a decent AV program. Keep your AV software current.

Never open a file or attachment before you open the file or attachment.

What browser are you using?

The important reply from you is the one where you attach the logs from running the Microsoft Standalone System Sweeper.
In case you missed my last post.
17 Oct 2011   #28

Windows 7 Home Premium x64
 
 

Hiya,

Just dropping by, I think I had the same virus/trojan/whatever as the OP.

I can't now recall what the malicious files were named, but they seemed randomly generated, e.g. gfdilfgd.exe (not the actual name, but used for demonstration).

I tried and ran several anti-virus and malware removal programs, but none of them detected what was causing the problem. I couldn't get Microsoft Standalone System Sweeper to install on my USB stick, so I didn't use it.

But I think I got it solved and the files removed in the following way:

I examined the filepath that was causing the Command Processor notification to display (it shows the filepath in the notification and you can force the notification to stay in the background by pressing ESC in the notification screen and quickly opening, for example, Windows Explorer). I also used Autoruns (Autoruns for Windows) to find out what program was run at logon to cause the malicious software to run; similarly there were entries such as gfdilfgd.exe.

Comparing information from these I found out that they were pointing at C:\Users\(Your Username)\AppData\ , which is a hidden folder and you have to enable seeing hidden files in Folder Options in the Control Panel. Specifically the malicious files were in the folders Local, Roaming and \Roaming\Temp. The files had randomly generated, but rather short names such as "sadfispodcixg" or "gsdgsodpgsd.exe" so they were easy to spot. I also checked the file creation times to find out that the suspicious files were created at close to the same time, which helped to spot the malicious files in different folders. There were different types of files, some folders, .exes in the folders and .txt documents or logs that seemed to be generated by the malicious software, because more of them were appearing at time intervals.

To remove the files by hand, I booted Windows into Safe Mode. I started by running Autoruns and removing the malicious entries (there were 2 of them) from the logon tab so they wouldn't run on startup. Then I went on removing all suspicious files from the previously mentioned folders and double checking that I didn't leave anything that could be part of the malicious program.

Booted back into Windows 7 and the notification isn't appearing anymore and I can't see any traces of the malicious software.
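The manual check described in post #28 (per-user logon entries that point into AppData, then files created at about the same time as a known suspicious one), as an added PowerShell example that is not part of the thread. The parameter names `KnownBadPath` and `WindowMinutes` and the 10-minute default are assumptions chosen here; the script only lists and removes nothing.

```powershell
# Added example: read-only triage of the locations named in the post.
param(
    # Path shown in the notification or in Autoruns (supply your own).
    [string]$KnownBadPath,
    # Assumed width of the "created at about the same time" window.
    [int]$WindowMinutes = 10
)

# Folders named in the thread, plus the per-user Startup folder.
$folders = @(
    $env:LOCALAPPDATA,
    $env:APPDATA,
    (Join-Path $env:APPDATA 'Temp'),
    $env:TEMP,
    [Environment]::GetFolderPath('Startup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

# 1. HKCU Run values: what starts at logon for this user, and from where.
$appDataRoot = Split-Path $env:APPDATA -Parent      # ...\AppData
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
Write-Host "Run entries under $runKey"
if (Test-Path $runKey) {
    $key = Get-Item -Path $runKey
    $entries = foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        $hit = $cmd.IndexOf($appDataRoot, [StringComparison]::OrdinalIgnoreCase) -ge 0
        New-Object PSObject -Property @{ Name = $name; InAppData = $hit; Command = $cmd }
    }
    $entries | Sort-Object InAppData -Descending |
        Format-Table Name, InAppData, Command -AutoSize -Wrap
}

# 2. Items created close in time to the known suspicious file (hidden ones included).
if ($KnownBadPath -and (Test-Path -LiteralPath $KnownBadPath)) {
    $ref = (Get-Item -LiteralPath $KnownBadPath -Force).CreationTime
    Write-Host "Items created within $WindowMinutes minutes of $ref"
    $items = foreach ($f in $folders) {
        Get-ChildItem -LiteralPath $f -Force -ErrorAction SilentlyContinue
    }
    $items |
        Where-Object { [math]::Abs(($_.CreationTime - $ref).TotalMinutes) -le $WindowMinutes } |
        Sort-Object CreationTime |
        Format-Table CreationTime, Length, FullName -AutoSize -Wrap
} else {
    Write-Host 'No -KnownBadPath given or path not found; skipping the time correlation.'
}
```

Entries flagged `InAppData` are candidates to compare against Autoruns, not a verdict: legitimate per-user software also starts from AppData.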
17 Oct 2011   #29

 

Just a suggestion: sometimes when I have not been able to remove a suspicious file and the A.V. or Malwarebytes does not catch it, I go to search and run regedit. I then type the name of the program, "windows command processor", and wait for the file to be found. I then start deleting one file at a time by hitting F3. I do not know how much easier to explain this. Just remember playing with the Windows Registry is very tricky and if you delete the wrong file or item it could crash your computer. If you decide to use regedit, after removing all the file contents run Malwarebytes and download CCleaner or Glary Utilities to clean and repair the registry. Again, someone else may have better advice or explain what I am trying to convey in a better way.

Still Learning, Learning Still

Curtis
05 Nov 2011   #30

Windows 7 64 bit
 
 

1. Uninstall any virus software like McAfee
2. Download trial version of Kaspersky
3. Do full scan
4. Then reinstall virus software, either McAfee or Kaspersky. I continued with Kaspersky.

Problem is solved for me.. I hope it is a virus associated.

Ganesan P