First post. Appreciate this forum as a resource! (And I apologize for the long post, but I want to explain what happened / what I've done.)
I have a problem and have tried some self-help remedies, but am unsure if I've located or fixed the problem. I suspect a Windows Command Processor infection due to seeing the popup / request to make changes on the computer.
Here's what I know / what happened. Last night I came in to discover my computer was off. I have a UPS which may have scheduled it - but I don't think so. I can't check the setting in Safe Mode. So I started up the computer and immediately noticed a problem when I logged on. Specifically, it would not make a network connection, and several processes were running exceptionally slowly. Network and Sharing Center would not open, nor would Genie discover / diagnose the problem. Also, I determined it was a problem at the computer end, as I had a wifi-connection through my phone which worked: I use a wired connection from the PC to the wifi/router/cable modem - which did not work, despite having a good connection and internet access via the wifi to my phone.
I opened Task Manager to see if I could discover rogue processes / applications running, but could not diagnose the issue. Along about this time, the "Do you want X program to make changes to this computer" popup came up asking me to authorize Windows Command Processor. I immediately recognized this as a suspicious event, and using my phone confirmed WCP as a potential trojan. I DID NOT click okay. I did, however, leave it up and ignored it while I googled what it was - and I don't remember if it shut itself down or if I closed it via Task Manager. Needless to say, I did not click okay.
I've not seen the popup again in subsequent reboots, but still have something preventing a network connection* (*more on that later). Whatever it was prevented all attempts to diagnose the problem with Windows.
I have some experience cleaning trojans / malware from my computer and went the self-help route first:
- I tried to boot up into Windows Safe Mode - but somehow rebooted into regular (yes I logged all the way back on), but two tries later managed to get into Safe Mode with Networking - only to discover the computer would not make any connection to the internet (still).
- I checked the All Users and my personal Startup files in Windows but can't find anything there.
- I checked MSCONFIG which has some things I am unsure about (Images of the Services and Startup tab provided below)
- I ran an old, outdated copy of Malwarebytes and it found nothing. Without an internet connection, I thought about trying to copy the updated 'rules' file from an uninfected computer, but then discovered that after sitting idle for 15-20 minutes the infected computer obtained a connection. Why? I don't know. I'm using it now in Safe Mode with Networking.
- I updated Malwarebytes, downloaded and ran RKill and then ran Malwarebytes with the current rules. It found a few potential files - but they're 'Ask.com' related (I think) and so may be something old / not the problem... or maybe they are - I just don't know. Reports attached.
- I also downloaded and ran FRST, but don't understand it and don't know what to do with it. Report attached.
- With a (finally) established network connection, I ran Trend Micro Housecall. It found nothing.
In any event, I've decided to reach out to the experts before proceeding. Below are the logs and reports, if they are any help. I appreciate any assistance you have to offer!
The two main things I want to find out are:
- Do I have a Windows Command Processor infection (think I do), and
- Is the WCP infection or another infection the source of the problem causing the prevention / delay of making an internet connection? (FWIW - I know the problem is on the computer side, the wifi / router is working and no other connected device has been affected)
Thanks in advance, files below:
Edited by hamluis, 26 June 2017 - 02:03 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.