Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Shortcut to cmd prompt in startup?

  • Please log in to reply
No replies to this topic



  • Members
  • 387 posts
  • Gender:Male
  • Local time:08:52 AM

Posted 03 March 2017 - 10:42 AM

Has anyone ever seen a shortcut to the command prompt in the startup folder? The user complained of internet short cuts closing out on him, he opens the shortcut and it opens in IE11 for a few seconds and then closes out, no errors. I ran a scan with Webrootanywhere and Malwarebytes 3 and neither found anything. I noticed 6 instances of explorer.exe running in task manager so i ended all of them except the one using the most memory. With only one instance of explorer.exe running the shortcuts stay open. Did some digging and found a shortcut in the startup folder, I looked at the properties and there a bunch of switches there so I deleted it. A few seconds later it reappears so I look at the properties again and find the path in the registry is something like hkcu\software\zxxoxp so I deleted that too. Now after rebooting I have disabled the malware or whatever this is from running but have caused a couple of script errors after logging on, I will fix those later today, they are happening because they are looking to execute and their reg keys have been deleted.

So has anyone ever seen anything like this as this is new to me? Just curious, I don't need help removing it as I have already done so.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users