Command Prompt closes by itself
Solved
Thomasson19
Posted messages
5
Status
Member
-
Malekal_morte- Posted messages 178136 Registration date Status Moderator, Security Contributor Last intervention -
Malekal_morte- Posted messages 178136 Registration date Status Moderator, Security Contributor Last intervention -
Hello, my command prompt for some unexplained reason opens and closes almost immediately.
I'm currently on Windows 10. I've checked if my computer is infected with a virus or malware but it's clean. I've tried the combination Win + R and typed "cmd /k", but I get the same result...
I want to use my command prompt to work with .bat (batch) files, so I'm trying simple things like;
"@echo off
echo "Test script"
pause"
I'm currently on Windows 10. I've checked if my computer is infected with a virus or malware but it's clean. I've tried the combination Win + R and typed "cmd /k", but I get the same result...
I want to use my command prompt to work with .bat (batch) files, so I'm trying simple things like;
"@echo off
echo "Test script"
pause"
2 answers
Good evening,
If there are really quotes at the beginning before "echo off" and after "pause", they need to be removed.
--
Please press any key to continue the disinfection...
If there are really quotes at the beginning before "echo off" and after "pause", they need to be removed.
--
Please press any key to continue the disinfection...
Thomasson19
Posted messages
5
Status
Member
No, of course not, but the problem isn't even there. It's the command prompt that has an issue.
I used FRST and here are the text documents provided:
https://pjjoint.malekal.com/files.php?id=FRST_20180829_j5j15d14k5n10
https://pjjoint.malekal.com/files.php?id=20180829_m10v7i14h13n7
https://pjjoint.malekal.com/files.php?id=20180829_p13s12f15o11s14
https://pjjoint.malekal.com/files.php?id=FRST_20180829_j5j15d14k5n10
https://pjjoint.malekal.com/files.php?id=20180829_m10v7i14h13n7
https://pjjoint.malekal.com/files.php?id=20180829_p13s12f15o11s14
Your problem is that the command prompt doesn't stay open when you run a .cmd file? Is that it?
I don't really see the connection with malware.
These programs are not useful and load on startup, you can uninstall them:
CCleaner
Driver Booster
Java
MEGAsync
WinPcap
Scan this file C:\Users\Dimitri\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe on https://www.virustotal.com/gui/ and post the link here.
I don't really see the connection with malware.
These programs are not useful and load on startup, you can uninstall them:
CCleaner
Driver Booster
Java
MEGAsync
WinPcap
Scan this file C:\Users\Dimitri\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe on https://www.virustotal.com/gui/ and post the link here.
I increasingly believe in the virus, to be honest. The file you asked me to analyze is impossible to analyze; I tested with another file and it analyzes, but this one does not.
I tried to analyze if any malicious programs were starting up with Autoruns, but I found something more interesting; https://www.noelshack.com/2018-35-4-1535621789-autorun-resultat.png
So I did some research and on the English forums I saw that I needed to check what HKEY_CURRENT_USER\Software\Microsoft\Command Processor was executing, so here is what it executes:
"@mode 15,1 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & start /MIN "" "C:\Users\Dimitri\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & explorer.exe & exit"
I tried to analyze if any malicious programs were starting up with Autoruns, but I found something more interesting; https://www.noelshack.com/2018-35-4-1535621789-autorun-resultat.png
So I did some research and on the English forums I saw that I needed to check what HKEY_CURRENT_USER\Software\Microsoft\Command Processor was executing, so here is what it executes:
"@mode 15,1 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & start /MIN "" "C:\Users\Dimitri\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & explorer.exe & exit"
The location is strange for an executable, it's not supposed to be placed there if it's an application.
Since you can't run VirusTotal, we'll get rid of it.
Here are the corrections to make with FRST. You can refer to this explanatory note with screenshots.
Restart FRST then press CTRL + Y on your keyboard.
The notepad will open, copy/paste this.
Save the content using the file menu and then save.
Close the notepad, return to FRST and click the "Corriger / Fix" button.
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.
Restart the computer.
Since you can't run VirusTotal, we'll get rid of it.
Here are the corrections to make with FRST. You can refer to this explanatory note with screenshots.
Restart FRST then press CTRL + Y on your keyboard.
The notepad will open, copy/paste this.
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-936011622-3470379491-170390450-1000\...\Command Processor: @mode 15,1 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & start /MIN "" "C:\Users\Dimitri\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & explorer.exe & exit <==== ATTENTION
C:\Users\Dimitri\AppData\Roaming\Microsoft\SoundMixer
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Save the content using the file menu and then save.
Close the notepad, return to FRST and click the "Corriger / Fix" button.
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.
Restart the computer.