'C:\Windows\system32\cmd.exe'



#1 ratamaque


Posted 16 February 2015 - 12:20 PM

Does anyone know how to get rid of this?

BC shows it to be an undesirable program.





#2 Aura


Posted 16 February 2015 - 01:00 PM

Hi ratamaque :)

cmd.exe is the command prompt executable for Windows. It's not malicious at all, nor should it be removed. Removing it would most likely break your Windows system, so I suggest you keep it. Can you link me to the page where you read that cmd.exe is an undesirable program and should be removed?

Edited by Aura., 16 February 2015 - 01:00 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Phantom010


Posted 16 February 2015 - 02:59 PM

Does it look something like this?

[Screenshot: XjnrBSg.png]

If so, please download AdwCleaner.

  • Double-click the adwcleaner.exe to run the tool.
  • Click Scan.
  • When the scan is finished, click Clean.
  • When the cleaning process is over, click Report and a Notepad window will be opened.
  • Please post the contents into your next reply.

Edited by Phantom010, 16 February 2015 - 03:00 PM.


#4 ratamaque


Posted 16 February 2015 - 04:05 PM

Aura, here is the link: http://www.bleepingcomputer.com/startups/C_WINDOWS_system32_cmd.exe-20553.html

It's what brought me to this site in the first place.

Thanks.

Ratamaque



#5 Aura


Posted 16 February 2015 - 05:05 PM

You misread it, ratamaque :) The entry itself is C:\WINDOWS\system32:cmd.exe, which means the system32 folder has cmd.exe as the ADS (Alternate Data Stream). If you go under the two following keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components
HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components


And find the following subkey, {7bcd1ddf-1d68-751a-15f8-4900acc0df46}, then yes, it's infected. Otherwise, you're not. The cmd.exe executable isn't infected or malicious; it's a legitimate Windows system executable. If you think that you're infected, you can get checked up by a malware removal professional here. Do you think that your system is infected right now? If so, why?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
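
The check described in post #5, written out as a read-only PowerShell script. This is an added example, not part of the original thread: it looks for the subkey under both Active Setup keys and lists any alternate data streams attached to the system32 folder itself. Reading the `StubPath` value and the note that directory streams need PowerShell 7.2 or later are assumptions of this example.

```powershell
# Read-only triage: nothing is modified or deleted.
$clsid = '{7bcd1ddf-1d68-751a-15f8-4900acc0df46}'   # subkey named in post #5
$roots = @(
    'HKLM:\Software\Microsoft\Active Setup\Installed Components',
    'HKCU:\Software\Microsoft\Active Setup\Installed Components'
)

# 1. Is the subkey present under either Active Setup key?
$hits = foreach ($root in $roots) {
    $path = Join-Path $root $clsid
    if (Test-Path -LiteralPath $path) {
        # StubPath holds the command Active Setup runs for this component
        $stub = (Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue).StubPath
        [pscustomobject]@{ Key = $path; StubPath = $stub }
    }
}

# 2. Does the system32 folder carry an alternate data stream (system32:cmd.exe)?
#    Assumption: Get-Item -Stream on a directory requires PowerShell 7.2+.
$dir = Join-Path $env:SystemRoot 'System32'
$streams = $null
try {
    $streams = Get-Item -LiteralPath $dir -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' }
} catch {
    Write-Warning "Could not list streams on ${dir}: $($_.Exception.Message)"
}

# 3. Report
if ($hits) {
    'Subkey found (infection marker described in post #5):'
    $hits | Format-List
} else {
    'Subkey not found under either Active Setup key.'
}

if ($streams) {
    "Alternate data streams on ${dir}:"
    $streams | Select-Object Stream, Length | Format-Table -AutoSize
} else {
    "No alternate data streams listed for $dir."
}
```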


#6 ratamaque


Posted 16 February 2015 - 07:45 PM

Yes, I feel it's infected.

Since that window has started popping up, very frequently, for less than a second at a time, my machine has gotten incredibly slow. Programs launch slowly, the internet launches slowly. I had a Geek Buddy (through Comodo) check it without success.

I don't understand where to insert your suggested paths above?



#7 Aura


Posted 16 February 2015 - 07:46 PM

It's alright, you don't need to do anything with the paths I linked, you can let a malware removal helper take care of them :) In order to get checked up here, you have to post a thread in the Virus, Trojan, Spyware, and Malware Removal Logs section. You have to follow the instructions in the preparation guide prior to posting your thread, since it contains the steps to follow when posting it.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




