Command Prompt Box Keeps Coming Up Randomly

johnkromka

New Member
Not sure where to post this, but I have done some preliminary research on this problem, and some say it may be a malware problem. Here is what is happening:

On my wife's notebook (HP 2000) she has been experiencing a strange thing over the last month or so. The command box will pop up seemingly whenever it wants (we have kept a record of the times, but no apparent pattern), stay there for no more than 1-2 seconds then disappear. She is trying to get a print screen, because there is something written in there which I am sure might reveal why the box keeps coming up. However, it is up for such a short time we can't tell what's written in there (not much). One thing we are worried about is that someone said this could be a hacker trying to attempt to connect to our computer. Another said it could be due to some kind of malware causing this. Another said check the Task Scheduler. We went to Microsoft with it and they did a Remote Access, but because they cannot actually see what we are talking about they admitted they are limited in what they can do and as to what is causing it. They did change some setting on command prompt (cannot remember exactly what) and said this might work. It didn't. Then they recommended a drastic move, an upgrade of Windows 10. So we just finished that. Still comes up. Haven't gone back to Microsoft, thought would post in forum for ideas as to what this is, what might be the cause, and what we can do to try and stop it. It is just an annoyance, but it also could be something serious, like the hacker trying to connect thing (although the guy said this was "unlikely"). Bottom line, it is not normal and we don't really want to bring it to the shop unless we have to. We want it to stop, so any ideas or suggestions would be most appreciated. Thanks.
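Added example, not part of the original post: the post mentions a written record of pop-up times and a suggestion to check the Task Scheduler, and the PowerShell sketch below combines the two by listing scheduled tasks that launch a console program and flagging any whose last run falls near a recorded time. The times in `$popupTimes`, the two-minute tolerance and the list of console host names are constructed assumptions; run it from an elevated PowerShell session on the affected machine.

```powershell
# Constructed sample values: replace with the times written down when the box appeared.
$popupTimes = @(
    (Get-Date).AddHours(-3),
    (Get-Date).AddMinutes(-20)
)
$toleranceMinutes = 2   # assumption: how close a task run must be to count as a match

# Assumption: programs and script types that typically open a console window.
$consoleHosts = 'cmd\.exe|powershell\.exe|wscript\.exe|cscript\.exe|\.bat|\.cmd'

$rows = foreach ($task in Get-ScheduledTask) {
    # Only "start a program" actions carry an Execute property.
    $commands = $task.Actions |
        Where-Object { $_.PSObject.Properties['Execute'] } |
        ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }
    if (-not $commands) { continue }

    $info    = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
    $cmdLine = $commands -join ' ; '

    # Flag the task if its most recent run is close to any recorded pop-up.
    $near = $false
    if ($info -and $info.LastRunTime) {
        foreach ($t in $popupTimes) {
            $delta = [math]::Abs(($info.LastRunTime - $t).TotalMinutes)
            if ($delta -le $toleranceMinutes) { $near = $true }
        }
    }

    [pscustomobject]@{
        Task        = $task.TaskPath + $task.TaskName
        Author      = $task.Author
        LastRun     = $info.LastRunTime
        LastResult  = if ($info) { '0x{0:X}' -f $info.LastTaskResult } else { $null }
        ConsoleHost = $cmdLine -match $consoleHosts
        NearPopup   = $near
        Command     = $cmdLine
    }
}

# Show only tasks that start a console host or ran near a recorded pop-up.
$rows |
    Where-Object { $_.ConsoleHost -or $_.NearPopup } |
    Sort-Object LastRun -Descending |
    Format-Table -AutoSize -Wrap
```

`LastRunTime` holds only the most recent run of each task, so the comparison is most useful when run shortly after the window has appeared; a non-zero `LastResult` would be consistent with the word "error" seen in the window.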
 

Agent Smith

Well-Known Member
Shit.. Microsoft telling you to update to Winblows 10. Yeah... That'll fix it! NOT!

Do this:

Run autoruns. Go to File and save the ARN file, zip it and upload here. This will allow me to see all the wonderful crap booting on the machine. https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

While you wait for my reply, run rkill then Herdprotect portable. Make sure you run rkill first.

https://www.bleepingcomputer.com/download/rkill/

http://www.softpedia.com/get/PORTABLE-SOFTWARE/Antivirus---Antispyware/Portable-herdProtect.shtml

Run HiJackThis and upload the log file. This isn't the best, but it has its uses. http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Run TDSSKiller, AdwCleaner and Junkware Removal Tool.

https://www.bleepingcomputer.com/download/tdsskiller/

https://www.bleepingcomputer.com/download/adwcleaner/

https://www.malwarebytes.com/junkwareremovaltool/

After you run all that, if there was malware or adware on your computer it was more than likely removed except for some real stubborn stuff and if so there are other methods.

I'll await the ARN file so I can see if you have something rogue booting with your computer.
 

johnkromka

New Member
Agent Smith(and others): I am in the process of running the scans you wanted me to. I just wanted to tell you what the scans have shown thus far:
1) autoruns - could not send you the file as it said "the file is corrupted". It ran the scan and I saw quite a few colored lines. I am not familiar with autoruns but read it is a very good diagnostic tool. But after I saved it, I decided to open it and got the corruption message. That can't be good at all. What should I do now regarding this?
2) rkill - services, none to stop; processes, none found to kill; registry, no issues in registry; performed miscellaneous checks, windows defender disabled (is that normal?); missing digital signatures, no issues found; check HOSTS file, host file entries found 127.0.0.1
3) HerdProtect - after the second required scan - "Your PC is clean, no malware was found".

So essentially, so far, nothing has been found. And I find this quite amazing, since my computer is going CRAZY since I first posted. What follows is rather long, but the more info. you have, the better you'll be able to help me hopefully.
I am now POSITIVE my machine has been hacked! Much more insanity has happened to my machine other than the command prompt box coming up. I will outline what has happened since my post and you decide, but I don't think any rational thinking person would disagree with me after you hear this evidence:
1) I was just browsing my Hotmail (Outlook) tonight and was floored to see 7 messages in my Drafts folder. I knew that was too many so I opened it up. 3 were written by me, but the last four were written by "somebody else" all 4 at exactly the same time 8:37pm. 3 of the 4 simply had Draft written in red print, followed by the time (all 8:37). There was no text message for all 4, but 3 said "Sent From Mail For Windows 10". The most telling one was one. It was sent to a [email protected]. I investigated this. I found out that .il is a domain from Israel, and that "walla" is a company in Israel, providing news and other services. I also checked "ron barkay" and all I could come up with was a ron barkay on Facebook, and guess where he's located? You're right....Israel. I googled walla a few times and found it associated with scam activities. I DID NOT WRITE ANY OF THESE EMAILS!! So how can I not be hacked from someone who has gotten control of my computer?? It HAS to be. And you haven't even heard the half of it yet. Before I continue, let me say that I hooked up another notebook a couple of days ago, to rule out that it was the computer (or not). Well, we are experiencing the same troubles on TWO DIFFERENT COMPUTERS connected to the same router. No wifi, Ethernet connected. Plus the second computer just connected was a clean install to Windows 10, nothing on it.
These are all of the events that have happened on the two computers that I have recorded:
1) Command Prompt box comes up randomly and for one second on BOTH computers. We cannot get a print screen, but are trying so hard, but it goes by so fast. There IS writing, but we can't make it out, except we did catch the word "error" several times when it popped up, but we cannot make out anything else.
2) Malwarebytes Problem: On Sept. 4, I decided to run a scan. However, I got a message stating "could not connect to the service". So the first thing I decided to check out was Services. I found Malwarebytes and it was set to disabled and stopped. I set it to automatic and start and it started running normally again. I could not understand why it had been set to disabled and stopped, but gave it no further thought. Until Sept. 8. I noticed the Malwarebytes icon was gone from my desktop! Greatly disturbed by this, I investigated. I first checked to see if it was on my system somewhere, so I did a systemwide search. Yes, I found files, but when I clicked on ones that said application, it would not load, none of them. I looked in the add/remove programs list, and it was there. So I was confused. It wasn't uninstalled, yet it wasn't working. I got Microsoft online and they did a remote session with me to investigate. They looked at the files and some other things and came to the conclusion my Malwarebytes was "corrupted". I said how, they would not offer any theories. I said what do we do now? They advised the best thing would be to uninstall it, and re-install it. I agreed, but was worried as I had the premium version of Malwarebytes and was worried the reinstalled app. might not take the license codes. But they said it "should", so I reluctantly went ahead with their suggestion. First they tried to uninstall it from the add/remove programs list, but got an error message which prevented them from uninstalling it. So the tech downloaded a 3rd party uninstaller Revo Plus. Same thing even with that so-called superior uninstaller, error messages all over the place, bottom line would not uninstall. The tech said it appeared the "corruption was preventing the uninstall". I asked what to do now, and they did not know. I asked for a high level tech, but they said none was available, so I just signed out in disgust.
This is getting long and I don't want to get cut off and have MUCH more I NEED to tell you for you all to get an accurate picture of what is going on here, so I will continue my post after this in a new post.
 

johnkromka

New Member
Continuing from previous post...
3) I use Kaspersky Total Security and also bought the VPN that goes with it called Secure Connection. On Sept. 3 I started my Kaspersky as usual, and the Total Security loaded okay, but I had a problem with the Secure Connection. It said "error loading Kaspersky Secure Connection". So we contacted support on the phone and they recommended we uninstall both and reinstall and assured us the license codes we had purchased would work. So that is what I did. Uninstalled both, re-installed both, put in the licenses, and everything back to normal. Secure Connection now working. Sept. 9 - Turned on Kaspersky and once again, like last time, Total Security loaded fine, but got the same error message on the Secure Connection....it would not load. This time the tech said he was going to send us a diagnostic tool to run to check out our system and then send it back to them to analyze and see what may be happening. So we ran the tool and sent it back last night and are waiting to hear from them. I was so disgusted that, like Malwarebytes, I was suddenly having these problems. It seemed too coincidental to me. I was definitely thinking hacker at this point, because a hacker would not want things like Malwarebytes Premium or the Kaspersky VPN Secure Connection to be in working order to make it harder to catch him. All of my other apps. are working (I checked everything else out).
4) "Your Hotmail settings are out of date" - we have been getting this message the past few days. At first that didn't make any sense to me, but then I googled it, and saw others had this come up, as well. So maybe it was legitimate. I found a fix for it and when it popped up, I applied the fix and all appears to be fine now. I only bring this up because of the very suspicious activity I reported earlier in my Drafts folder of Hotmail. There might be a connection. Worth mentioning.
5) Mouse - At times, moves by itself. Other times, moves sluggishly or not at all. Other times, it is like we are "fighting" with someone for use of it. Very weird.
6) Shutdown of Computer-could not shut it down normally. Nothing happened. So had to shut it down manually. This has only happened once.
7) A blue screen-covered the entire desktop(no this is not the blue screen of death, I've seen that before). It just appeared out of nowhere and it said "you have errors"...correcting them, and it started some activity. No way to stop it, so decided had to turn off computer.
8) Box came up and I couldn't catch all of it, was so fast. Said something like "if you trust this device..." followed by some options to do. This is not normal.
9) Site in history we DID NOT go to-lockerdome.com/referral_redirected?cid=98, when put mouse over it there was a huge box full of numbers and letters.
10) Box comes up and said "this page has malicious malware" with sound (This was on the computer we just connected which has no Kaspersky on it yet), so don't know why a warning like that would come up.
11) "Webcam access blocked"-this has come up on Kaspersky a few times in the past week
12) Clock/calendar popped up once on its own

I may have forgotten a couple of things. But you can see this computer is all messed up. I DO NOT believe it is malware infected, due to the things I have described on the list, especially those draft emails. I understand what you want me to read and do, but I felt it was necessary to list all of this additional information to give you the full picture of what is happening, and can therefore give me an informed reply on what you think is going on and recommend I do in response to all of this.

What we have done so far in response:
1) Did the upgrade on Windows 10 on Sept. 6. The tech told us this would solve the corruption. They were obviously wrong, and I am losing faith in Microsoft and their knowledge of computer problems.
2) Ran autoruns. However, when I saved the file and opened it, it said "the file is corrupted". That must show you how bad my situation is if the scan by autoruns became corrupted somehow.
3) Unticked the box in security where it says allow remote assistance, and in the firewall as well. But we just did that a few hours ago and since we did that, nothing has changed, but we felt it might help. It did not.
4) Ran Tweaking.com Windows Repair-it found a lot of stuff, but proved useless with all of these problems.
5) Turned off command prompt, yet it still comes up

Now I am no geek, but this is my opinion of what has happened. My computer has been hacked. The Israeli email suddenly appearing in my email Drafts folder is proof of that. There is someone, or some entity that has somehow gotten onto my computer (actually not computer...through the internet connection), because I said BOTH computers are all messed up, so don't tell me it is a computer issue. Both computers are equally messed up, and as I said the second one was just connected a few days ago, and was a clean install of windows 10, not used. So how do we stop this insanity?? I called Microsoft and all they can tell me is to do a clean install again. No I will not, you idiots, that will NOT SOLVE THIS PROBLEM! Why can't they see that?? And what responsibility, if any, does my ISP have in this matter? Probably nothing...something in the fine print saying we are not responsible for hacker activity, etc., but I am still going to call them about it to see if others are having similar problems and can they help in any way. I could change internet service providers, but would that even stop this, I don't know. And then there is my local computer shop, which I haven't called yet. But I am hoping some of you fellas can help me out of this extremely discouraging, depressing situation. In all my years computing, I have NEVER remotely experienced anything like this. I WANT MY COMPUTER BACK!!!! Thank you!
 

johnb35

Administrator
Staff member
First advice to you would be to reset your router back to defaults, there is such a thing as router poisoning. Create a secure password for the router. Next thing to do would be to reinstall windows on both machines. If you've been hacked and windows is corrupted then that is your only course of action. What router do you have?
 

Agent Smith

Well-Known Member
You don't have to open the ARN file up. Zip that file and upload here so that I can see it. DON'T USE Kaspersky! That is Russian crap. I would ditch it and the VPN they give you and just use Bitdefender Free. The vector could be that and their so-called VPN. Or in fact you do have a hacked router. Go into your router, note the firmware version and then look at the router manufacturer's website. If there is an updated firmware, update it! I can't tell you how many infected routers try to connect to my websites.

If all else fails, format the computer and reinstall Windows. Or you could do a repair install.
 