cmd.exe on startup

Hello, yesterday when I booted up my desktop, the cmd.exe window popped up and just sat there. It didn’t try to run anything, so I exited out of it and ran Malwarebytes and Avast and both came up negative. I restarted/shutdown a couple of times to see if this was a recurring issue but nothing seemed to happen, so although suspicious, I just waved it off.

Today, when I got home and booted up, the cmd.exe popped up again but this time it seemed to have done something and closed itself before I could get a look. Again, I tried a couple of restarts to see if it would reoccur, but nothing. Now I’m sufficiently paranoid enough to ask for help. I don’t know if this is a threat or not so any assistance is appreciated.

I’ve followed the instructions and have attached what I think are the appropriate logs (aswmbr had a positive hit with ITH, but that’s just a text hooking tool that’s been around pretty much forever on this pc and doesn’t cause any problems).

Thanks and sorry for the trouble.

Can you please refer to this link https://forum.avast.com/index.php?topic=53253.0 and follow the directions and attach the other logs required for the malware removal specialist.

After attaching your other logs, do not make any changes to your machine, including trying to fix it or play with it, sync devices to it, and if attached to a network disconnect it from the network.

A malware specialist will be along to review your logs once you post the others. Thank you.

Hi, you are running Comodo Antivirus as well; this can cause unusual behaviour. Does this happen every boot or once a day?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

C:\Users\Oriour\Desktop\back\ITH\ITH.exe
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

Hi, you are running Comodo Antivirus as well; this can cause unusual behaviour. Does this happen every boot or once a day?

I had no idea that was even on, I thought it was just the firewall and defense+.

Anyways, I thought the cmd popup might’ve been once a day, but it didn’t appear this time when I booted up.

Ran the fix anyways.

Could you monitor for a day and let me know if it re-appears?

Otherwise, how is the computer behaving?

Sure thing, though the popup seems to have stopped after that 2nd instance I mentioned.

PC seems to be behaving normally again.