Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random cmd.exe


  • Please log in to reply
1 reply to this topic

#1 koby

koby

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 12 September 2010 - 10:47 AM

Note: This is a work computer, I am in the IT department trying to fix this and am looking for help, if this post shouldn't be here I apologize I tried finding the rules about this sort of stuff. Anyway:

I had to look at someones computer and am seeing some random cmd.exe s in the task manager. If I'm there paying attention I see two of them loading straight after login. Opening up procexp.exe shows regedit branching off from it for a split second. After that point it just disappears. Sometimes I'll randomly go to his computer and open up task manager and see cmd.exe running and end the task.

This is for Windows 7.

I've disabled some unusual start-up programs, mainly the ones that aren't signed and I still manage to catch cmd.exe running at some point.

Should this be happening?

nbtstat -b doesn't return anything useful.

Ran superantispyware and all it found were tracking cookies.

Hope that is enough information.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:44 PM

Posted 12 September 2010 - 12:31 PM

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users