
My Command Prompt Appears And Then Disappears By Itself, Was I Infected?



#1 GamerXGhost


Posted 06 January 2017 - 06:37 PM

Hello guys, I have trouble on 2 of my laptops. Both are having the same problem. I downloaded a crack of an application and then the command prompt always opens and closes by itself, and because of that I deleted that application. But the result is the same! The command prompt still opens and closes by itself. And when the command prompt opens, I see that it is linked to C:\Windows\System32\ipconfig.exe, and that was annoying! I've done an sfc scan and that just made one of my laptops worse! One of my laptops now shows "Windows 7 build 7601 This copy of Windows is not genuine"! And it needs to be registered! I've bought this laptop and then I must register? And then I did another troubleshooting step using rkill, and the result is:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/07/2017 07:15:48 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\svchost.exe (PID: 1860) [SFI]
 * C:\ProgramData\Windows Security\winsecurity.exe (PID: 1960) [AU-HEUR]
 * C:\Users\Hp\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe (PID: 1072) [UP-HEUR]
 * C:\Windows\csrss.exe (PID: 2132) [SFI]
 * C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (PID: 2192) [AU-HEUR]
 
5 proccesses terminated!
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * mrt.exe debugger. [IFEO Debugger Deleted]
 
Backup Registry file created at:
 C:\Users\Hp\Desktop\rkill\rkill-01-07-2017-07-15-58.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 genuine.microsoft.com
  127.0.0.1 mpa.one.microsoft.com
  127.0.0.1 sls.microsoft.com
  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       www.czzsyzgm.com
  127.0.0.1       www.czzsyzxl.com
 
I don't understand what it means, so I think I need some help to tell me: was my laptop attacked by a virus or malware, or is there just a setting that got edited because of an app? I'll try another troubleshooting step using AdwCleaner, and if I get it solved by myself, I'll post about how to fix this for anyone who has the same issue as me. I'm just a user, not an IT professional, and I don't know anything about computer settings; I just know how to play games and browse on my laptop. But please help me! I'll be very thankful if you help me! I'm a gaming YouTuber, and if the command prompt keeps being annoying, my recordings could get worse! Please, guys! I need your help!



 


#2 GamerXGhost


Posted 06 January 2017 - 06:39 PM

And guys, maybe you can help me fix the "Windows 7 Build 7601 This copy of Windows is not genuine" issue. I'll appreciate anyone who can help me fix this problem.



#3 shadow_647


Posted 06 January 2017 - 06:42 PM

Got to be careful when dealing with some kinds of code; bad things can happen. The other thing, too, is that 33%~40% of all evil code cannot be detected by any automated means.


Edited by shadow_647, 06 January 2017 - 06:44 PM.


#4 GamerXGhost


Posted 06 January 2017 - 06:44 PM

Wait, wow! The reply was so fast! Umm... guys, I've opened AdwCleaner and I clicked run and nothing happens.



#5 GamerXGhost


Posted 06 January 2017 - 07:16 PM

Oh man! Now what should I do? Must I reset my PC, or must I take my PC to a mechanic for repair? Or must I download some software? Please help me...

#6 GamerXGhost


Posted 06 January 2017 - 07:46 PM

RKill won't stop the problem! The cmd prompt still opens and closes by itself! So I used RKill a second time, and the result is:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/07/2017 08:42:53 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\svchost.exe (PID: 1760) [SFI]
 * C:\ProgramData\Windows Security\winsecurity.exe (PID: 1820) [AU-HEUR]
 * C:\Users\Hp\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe (PID: 1956) [UP-HEUR]
 * C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (PID: 2200) [AU-HEUR]
 * C:\Windows\csrss.exe (PID: 2384) [SFI]
 
5 proccesses terminated!
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Hp\Desktop\rkill\rkill-01-07-2017-08-42-58.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1 genuine.microsoft.com
  127.0.0.1 mpa.one.microsoft.com
  127.0.0.1 sls.microsoft.com
  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       www.czzsyzgm.com
  127.0.0.1       www.czzsyzxl.com
  127.0.0.1       union.baidu2019.com
 
Program finished at: 01/07/2017 08:44:15 AM
Execution time: 0 hours(s), 1 minute(s), and 21 seconds(s)
 
Was that the same information as I posted before? It said there's no malware, so maybe it's because of a setting, I think, and how do I reset the changes? I just want to reset the change that created my problem, and I still don't want my laptop to get reset, because I think resetting the laptop won't solve the problem.

Edited by GamerXGhost, 06 January 2017 - 07:48 PM.


#7 GamerXGhost


Posted 06 January 2017 - 07:52 PM

Um... wait, my command prompt stopped opening and closing when I launch RKill, but I want to make the cmd prompt not open and close by itself without opening RKill first! Must I auto-run RKill?


Edited by GamerXGhost, 06 January 2017 - 07:52 PM.


#8 shadow_647


Posted 06 January 2017 - 07:53 PM

Wait for a log-viewer pro to show up so they can check out your computer the hard way if they desire to. Because of how the problem happened you might not get any help on the topic. Myself, I'm not good with that kind of thing unless I have the computer 100% under my nose, and knowing how the problem happened, I would think that because of forum rules I'm not allowed to help; they're hard-liners here on the piracy topic.

Just wanted to add my 2 cents' worth; that's why I posted what I did.

Now I won't say much about this topic, but I'll say this, and this will be my last post in this forum thread.

"I downloaded a crack of an application"

When going near the topic you did, you have to know where the real places are for that topic. If you just do a Google search for whatever you were looking for and go to the top 10 hits you get, they are probably honeypot servers, and if you touch anything they have to offer, your OS is done, or worse.

There's a lot of rage out there on the software piracy topic, and not everyone fights fair or cares about what's legal or not. By going down that road and trying to do what you tried, you're entering haxor land, and there are no rules when you go deep web or dark web. Some people are paid to poison the topic and break as many computers as possible, hack everything or whatever, or they just go there because they can, or who knows.

In the meantime, if the computer was all good, then you downloaded some junk and the computer flipped, so you know what did what, then I'd say wait for a pro on the topic.

In the meantime, as you wait, run the computer past every malware/antivirus/rootkit detector you can get your hands on, and keep your backups away from that PC. Keep everything away from the computer till it checks out, and consider it infected until proven otherwise.

This might be of help as well to look at things the hard way; the default process explorer in Windows is kind of useless. Look for guides on the net on how to use it; there are many.

http://process explorer



#9 buddy215 (Moderator)

Posted 07 January 2017 - 06:38 AM

Windows Genuine Advantage is being blocked from functioning, as it is in your hosts file. Have you installed a pirated version of Windows or another Microsoft program?

You can replace the hosts file. Then I suggest you follow the instructions below for starting a new topic in the malware removal forum.

Replace your current HOSTS file with a tweaked one, such as the MVPS HOSTS file, which restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
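
The HOSTS redirection described in the post above, as an added example that is not part of the original thread or of Rkill: a small Python audit that parses HOSTS content and separates overrides of vendor domains from other names pointed at a loopback or null address. The `PROTECTED_SUFFIXES` list and the function names are assumptions; the sample reuses entries from the Rkill output in this thread plus constructed lines.

```python
import ipaddress

# Assumption: vendor suffixes that a HOSTS file should never override.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Entries copied from the Rkill output in this thread, plus constructed lines
# (example.test, 203.0.113.7) that exercise comments and multi-name rows.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
0.0.0.0         ads.example.test tracker.example.test  # constructed
203.0.113.7     intranet.example.test                  # constructed, not a sinkhole
"""

def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def parse_hosts(text):
    """Yield (address, hostname) pairs; comments and blank lines are skipped."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")

def audit_hosts(text):
    """Report overrides of protected vendor names and other sinkholed names."""
    report = {"protected": [], "sinkholed": []}
    for addr, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES):
            report["protected"].append((name, addr))
        elif is_sinkhole(addr):
            report["sinkholed"].append(name)
    return report

if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, entries)
```

A blocklist such as the MVPS file produces a long `sinkholed` list by design; the `protected` list is the part to review, since those entries stop licensing or update checks from reaching the vendor.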

#10 GamerXGhost


Posted 07 January 2017 - 07:02 AM

OK, I'll try to follow both of your instructions, and thank you for trying to help me. I'll post a link to the new topic as you say, buddy215, and sorry for posting my thread in the wrong place. Thank you for helping me as fast as you can, guys, because one of my laptops isn't mine but my friend's and I don't know how to tell him about his laptop. And once again, thank you, guys.

#11 GamerXGhost


Posted 07 January 2017 - 07:08 AM

Okay, so I must post about my "Windows build 7601, Windows copy is not genuine" problem in the Virus, Trojan, Spyware, and Malware Removal Logs forum. And how about the command prompt always popping up? Can I still post about it here?

#12 buddy215 (Moderator)

Posted 07 January 2017 - 07:34 AM

Once your computer is free of malware and problems still exist, then further help can be given. But first start the new topic in the malware removal forum.



#13 GamerXGhost


Posted 07 January 2017 - 07:40 AM

Okay bro, but right now I'm not at home, so when I arrive I'll do what you say as fast as I can. And as you said before, I need to post about the Windows "copy is not genuine" problem in the malware removal forum, but how about the command prompt that always opens and closes by itself? Am I still allowed to post about it here?

Edited by GamerXGhost, 07 January 2017 - 08:10 AM.


#14 GamerXGhost


Posted 07 January 2017 - 05:54 PM

Um... RKill won't solve my problem! It makes my command prompt stop popping up, but it means I can't access the internet until I restart the laptop!


This is the link of my new topic :

https://www.bleepingcomputer.com/forums/t/636761/my-laptop-have-a-windows-7-build-7601-windows-copy-is-not-genuine-letter/



#15 GamerXGhost


Posted 07 January 2017 - 06:01 PM

shadow_647, I think the link you gave me was a wrong link; I can't get to the website you mean.





