Windows Command Processor notification - Please help!

Page 3 of 4

  1. Posts : 5
    Win 7 Home 64 bit
       #21

    Also, previously I had tried to log into my Lloyds TSB internet banking, and after entering the correct login, password, and the requested letter from my memorable information, I was taken to a legit looking screen which asked for my password again and the whole of my memorable info (something which Lloyds and I think pretty much all banks state that they will never do...)

    Now I seem to be able to log in fine...
    Last edited by Tedri Mark; 16 Oct 2011 at 14:06.


  2. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #22

    Tedri Mark said:
    Also, previously I had tried to log into my Lloyds TSB internet banking, and after entering the correct login, password, and the requested letter from my memorable information, I was taken to a legit looking screen which asked for my password again and the whole of my memorable info (something which Lloyds and I think pretty much all banks state that they will never do...)

    Now I seem to be able to log in fine...

    Thanks for letting us know the status.

    Since some malware will also go to sleep or run only every n starts, I strongly recommend running the Microsoft Standalone System Sweeper as mentioned in a previous post.

    Karl


  3. Posts : 5
    Win 7 Home 64 bit
       #23

    Okay, it's back - It re-appeared once I opened a photoshop file which I was sent from a guy I'm supposed to be doing some freelance work for..

    Not sure if it is definitely due to that file, and I highly doubt that he has put it in there himself maliciously (Although it would be a good way of spreading the file, he only sent me the zip file after accepting me for the project (You can only accept one person), rather than attaching the zip to the project proposal, which would have potentially been opened by a lot more people)..

    But sure enough "mieehyvoumnpwgcq" has re-appeared in my local/temp folder and another udgjfawi entries are in my startup list in msconfig...

    And sure enough, once again trying to log into Lloyds takes me to: https://secure2.lloydstsb.co.uk/pers...nformation.jsp

    Schneeeaaky!

    Before I successfully deleted it, it would prompt the install every time, which was at least 5 reboots..


  4. Posts : 5
    Win 7 Home 64 bit
       #24

    Oh it also seems to cause skype to crash, and stops me sending mail via thunderbird...

    I had wondered if the thunderbird mail thing was related, and it seems so, as it was not working yesterday, and then started working again after I fixed the problem, and now isn't working again... Going to email Lloyds from another computer...


  5. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #25

    We have a tutorial on running Microsoft Standalone System Sweeper.

    Run that and attach the logs mentioned in the procedure I give you to your next post.

    Be forewarned, this is a very thorough and excellent program and will take several hours.

    ESET is a decent AV program. Keep your AV software current.

    Never open a file or attachment before you open the file or attachment.

    What browser are you using?

    The important reply from you is the one where you attach the logs from running the Microsoft Standalone System Sweeper.


  6. Posts : 5
    Win 7 Home 64 bit
       #26

    Okay, so I just went to open an attachment sent to me by a guy I'm doing some freelance work for, and hey presto, it cropped up again.. Not sure if it is the attachment itself (a photoshop file) or something now embedded in photoshop (as clicking on the file automatically opened photoshop..)

    I can confirm that it re-introduced the re-direct in Lloyds log in.. And also, the 2 startup processes are called UdgJfawi and udgjfawi in HKCU/Software/Microsoft/Windows/CurrentVersion/Run and C:/Users/MYUSERNAME/Roaming/Microsoft/Windows/Start Menu/Programs respectively..

    EDIT: Sorry I thought the post before this one hadn't posted - I'll leave this here as it has a bit of extra info..

    Just opened photoshop on its own after once more going through the previous procedure to remove the problem and sure enough, the update request starts up again..

    EDIT 2: I'm using Firefox, I'm going to do my quick fix for the time being, and not use photoshop, and then run the system sweeper over night. Logs to follow...


  7. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #27

    We have a tutorial on running Microsoft Standalone System Sweeper.

    Run that and attach the logs mentioned in the procedure I give you to your next post.

    Be forewarned, this is a very thorough and excellent program and will take several hours.

    ESET is a decent AV program. Keep your AV software current.

    Never open a file or attachment before you open the file or attachment.

    What browser are you using?

    The important reply from you is the one where you attach the logs from running the Microsoft Standalone System Sweeper.
    In case you missed my last post.


  8. Posts : 1
    Windows 7 Home Premium x64
       #28

    Hiya,

    Just dropping by, I think I had the same virus/trojan/whatever as the OP.

    I can't now recall what the malicious files were named, but they seemed randomly generated, e.g. gfdilfgd.exe (not the actual name, but used for demonstration).

    I tried and ran several anti-virus and malware removal softwares, but none of them detected what was causing the problem. I couldn't get Microsoft Standalone System Sweeper to install on my USB Stick, so I didn't use it.

    But I think I got it solved and the files removed in the following way:

    I examined the filepath that was causing the Command Processor notification to display (it shows the filepath in the notification and you can force the notification to stay in the background by pressing ESC in the notification screen and quickly opening for example Windows Explorer). I also used Autoruns (Autoruns for Windows) to find out what program was run at logon to cause the malicious software to run; similarly there were entries such as gfdilfgd.exe.

    Comparing information from these I found out that they were pointing at C:\Users\(Your Username)\AppData\ , which is a hidden folder and you have to enable seeing hidden files in Folder Options in the Control Panel. Specifically the malicious files were in the folders Local, Roaming and \Roaming\Temp. The files had randomly generated, but rather short names such as "sadfispodcixg" or "gsdgsodpgsd.exe" so they were easy to spot. I also checked the file creation times to find out that the suspicious files were created close to the same time, which helped to spot the malicious files in different folders. There were different types of files, some folders, .exes in the folders and .txt documents or logs that seemed to be generated by the malicious software, because more of them were appearing at time intervals.

    To remove the files by hand, I booted Windows into Safe Mode. I started by running Autoruns and removing the malicious entries (there were 2 of them) from the logon tab so they wouldn't run on startup. Then I went on removing all suspicious files from the previously mentioned folders and double checking that I didn't leave anything that could be part of the malicious program.

    Booted back into Windows 7 and the notification isn't appearing anymore and I can't see any traces of the malicious software.
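
The manual check described in post #28 (per-user logon autoruns that point into AppData, then items created around the same time), as an added read-only PowerShell example that is not part of the original post. It assumes PowerShell 3.0 or later; the 10-minute window, the extension list and the use of the standard per-user Startup folder are assumptions.

```powershell
# Added example: read-only triage. Nothing is deleted or changed.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$appData = Join-Path $env:USERPROFILE 'AppData'
$roots   = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP)   # Local, Roaming and the user's Temp
$window  = New-TimeSpan -Minutes 10                          # assumed clustering window
$pattern = '(?i)' + [regex]::Escape($appData) + '\\[^"<>|]+?\.(exe|com|scr|bat|cmd|vbs|js|dll)\b'

# 1. Collect per-user logon autoruns: Run-key values and Startup-folder items.
$autoruns = @()
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $autoruns += [pscustomobject]@{ Source = 'HKCU Run'; Name = $name
                                        Command = [string]$key.GetValue($name) }
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($item in Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue) {
    if ($item.Name -eq 'desktop.ini') { continue }
    # Shortcuts are resolved to their target; anything else is itself the startup item.
    $target = if ($item.Extension -eq '.lnk') { $shell.CreateShortcut($item.FullName).TargetPath }
              else { $item.FullName }
    $autoruns += [pscustomobject]@{ Source = 'Startup folder'; Name = $item.Name; Command = $target }
}

# 2. Keep entries whose command references a file inside the user's AppData tree.
#    Legitimate software also starts from there: these are candidates to review, not verdicts.
$suspects = foreach ($a in $autoruns) {
    if ($a.Command -match $pattern) {
        $a | Add-Member -NotePropertyName Target -NotePropertyValue $Matches[0] -PassThru
    }
}
$suspects | Format-Table Source, Name, Target -AutoSize | Out-Host

# 3. For each candidate that still exists, list top-level items in the profile
#    folders created within $window of it (the creation-time comparison from the post).
foreach ($s in $suspects) {
    $file = Get-Item -LiteralPath $s.Target -Force -ErrorAction SilentlyContinue
    if (-not $file) { continue }
    Get-ChildItem -LiteralPath $roots -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.CreationTime - $file.CreationTime).Duration() -le $window } |
        Sort-Object CreationTime |
        Select-Object @{ n = 'Autorun'; e = { $s.Name } }, CreationTime, FullName |
        Format-Table -AutoSize | Out-Host
}
```

Only the top level of each folder is listed, so a dropped folder shows up by its own creation time rather than by its contents.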


  9. Posts : 82
    XP
       #29

    Just a suggestion: sometimes when I have not been able to remove a suspicious file and the A.V. or Malwarebytes does not catch it, I go to search and run regedit. I then type the name of the program, "windows command processor", and wait for the file to be found. I then start deleting one file at a time by hitting F3. I do not know how much easier to explain this. Just remember playing with the Windows Registry is very tricky, and if you delete the wrong file or item it could crash your computer. If you decide to use regedit, after removing all the file contents, run Malwarebytes and download CCleaner or Glary Utilities to clean and repair the registry. Again, someone else may have better advice or explain what I am trying to convey in a better way.

    Still Learning, Learning Still

    Curtis


  10. Posts : 1
    Windows 7 64 bit
       #30

    1. Uninstall any virus software like McAfee
    2. Download trial version of Kaspersky
    3. Do full scan
    4. Then reinstall virus software, either McAfee or Kaspersky. I continued with Kaspersky.

    Problem is solved for me..I hope it is a virus associated.

    Ganesan P


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
