Windows Command Processor Notification

Hello all,

I keep getting the Windows Command Processor notification despite clicking no. I read a few threads on the net, so it seems like it’s a virus/trojan?
I have in the last ten minutes or so posted about this in another forum, is it ok to get support from two different sites? Also all this is happening on my other laptop. I have run Microsoft support emergency response tool and it found one infected file/item but it could not remove it. I’ve also downloaded Malwarebytes but that won’t start up when clicked.

I would be grateful for any help as I am very worried about this all.

Welcome to the forum. I suggest you follow this guide.

http://forum.avast.com/index.php?topic=53253.0

What was the infection the tool from Microsoft found?
Anything from Malwarebytes?

Good luck

I've also downloaded malwarebytes but that won't start up when clicked.
Use Chameleon to run Malwarebytes Anti-Malware on infected systems
http://helpdesk.malwarebytes.org/entries/20872371-use-chameleon-to-run-malwarebytes-anti-malware-on-infected-systems

Chameleon Gets Malwarebytes Anti-Malware Installed and Running
http://www.malwarebytes.org/products/chameleon/

It is not advisable to get assistance on two different forums, as each malware remover will approach the problem in a different way. This can lead to damage to the system.

Hello and thank you for your replies.

I can’t remember exactly what the infection was but I remember the name “ramnit”?

I have discontinued the help from the other website and I am only now concentrating on the support from this website.

I will follow the guide to get Malwarebytes working and get back to you.

Also see the guide Mikaelrask gave you… and attach the logs… we need

AdwCleaner
Malwarebytes
OTL
aswMBR

Ok, will do.

I also forgot to mention that I installed Norton 360 and did a full scan. It found 119 infected files or something like that and that it had dealt with them. I restarted but the problem is still appearing.

No surprise since Ramnit is a file infector… meaning this may end with a reinstall :-[

But let's see what Essexboy says when he has the logs

I’ve followed the guide and have attached the logs. I only need to attach one more log in my next post.

I would also like to point out that in the past I tried to install AVG anti-virus but it would not respond when installed or would not install at all, I can’t remember exactly.

Do you also have the aswMBR log?

I would also like to point out that in the past i tried to install AVG anti-virus but it would not respond when installed
Many malware will try to block install of AV... also if you already had Norton installed that can also be the reason. Never install more than one AV

I’ve attached the final log.

Thanks for the advice about never installing two AV’s.

Is it safe to be on the net and on websites like ebay and checking e-mails whilst all this is going on?

With Ramnit on board… I doubt it

Ramnit info
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Ramnit

No you need to isolate the system… Be advised this may well not work

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop

[*]Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
[*]Launch drwebliveusb.exe.
[*]The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).

https://dl.dropbox.com/u/73555776/liveusb_ru.jpg

[*]To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
[*]Files will be copied automatically.
[*]Once the copying process is completed, press the Exit button to close the application.
[*]Reboot the infected computer with the USB in the drive
[*]Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
[*]As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdbootscreen.gif

[*]Use arrow keys to select DrWeb-LiveCD (Default)

[*]When the system is loaded, check the disks or folders you want to scan, and click on “Start”.

http://i1224.photobucket.com/albums/ee362/Essexboy3/Dr%20Web%20shots/livecdDriveselection.gif

[*]The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
[*]Once completed reboot to normal windows
[*]No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

Ok, I will do this. Some questions though:

By USB flash drive, do you mean USB stick?

When saying about formatting, do you mean formatting the USB flash drive?

I’m thinking of getting a new laptop in any case but it is advisable to get this one sorted right?
Can this virus get onto a new laptop if I was to transfer everything from one hard drive to another?

Lastly, can this virus spread through a network (home or work network) and get to other computers, PCs, laptops, etc.?

Lastly, can this virus spread through a network (home or work network) and get to other computers, PCs, laptops, etc.?
See the Ramnit info I posted above

Essexboy should be back in here in 3-4 hours :wink:

Can this virus get onto a new laptop if I was to transfer everything from one hard drive to another.
Dependent on what you transfer... But yes
When saying about formatting, do you mean formatting the USB flash drive?
Yes the USB stick/drive will need to be formatted
By USB flash drive, do you mean USB stick?
Aye they are the same animal

Well the files I would transfer are Photoshop files, music files, etc.

The Ramnit info doesn’t mention networks but does mention removable drives.
Is an external hard drive a removable drive?

I will proceed to the next guide shortly and get back to you ASAP.

EDIT: Apologies for not notifying you about this ASAP but the Windows Command Processor Notification stopped yesterday after the Malwarebytes scan and reboot. But this doesn’t mean it’s gone right? I read on other threads and forums that it would make an appearance again.

Correct, it has not gone. I will give a list of file types not to copy if it comes to that

Ok, I have used Dr web live and then scanned with OTL. The OTL log is attached to this post.

When Dr web live finished scanning it found two threats. Those two threats were to do with my printer. I can’t remember what exactly but I think the word plugin was in there as well as other words.

Also I pressed the cure button on both. On the first one it said it was deleted in one of the columns but on the second one I pressed the cure button and I’m sure it performed the action and deleted it but in the column it said nothing. I pressed it a few more times and an error came up, as if it had already performed the action. Everything is ok right? It had deleted it but just didn’t show up/say in the column?

OK, how is the computer behaving now?

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2472271074-1238287900-578679825-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2012/10/06 18:40:30 | 000,000,000 | ---D | C] -- C:\Users\Puppy\AppData\Local\htxxysiq

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now