SUBSIM Radio Room Forums



SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997

Old 12-25-10, 06:52 PM   #1
Castout
Silent Hunter
 
Join Date: Nov 2006
Location: Jakarta
Posts: 4,794
Downloads: 89
Uploads: 6
Will cmd.exe run without user action?

Does it need any internet connection in a clean system? Because if not, I intend to block its internet access. And could it run itself from time to time without user action when the system is idle (no usage)?


Just curious

I know it's the command prompt. I found out that it was trying to run in the background. Avira, Malwarebytes and Threatfire scans all found nothing in my system.
__________________
Castout is offline   Reply With Quote
Old 12-25-10, 10:01 PM   #2
Madox58
Stowaway
 
Posts: n/a
Downloads:
Uploads:
Default

Command windows can run hidden.
Something is launching it, as it should never start on its own.
And never hidden like you posted.

I'd run 'Hijack This' and get a report of what is Starting up when you
power up your system.

I can think of several reasons it would run at start up, then not shut down.
  Reply With Quote
Old 12-25-10, 11:07 PM   #3
the_tyrant
Admiral
 
Join Date: Jun 2010
Location: Canada
Posts: 2,272
Downloads: 58
Uploads: 0
Default

try this!

in notepad, input this:
@echo off
:a
explorer
goto a

save the above 4 lines as a batch (.bat) file

drag it in (the folders are hidden)
C:\Documents and Settings\(user)\Start Menu\Programs\Startup (if you're using XP)
or

C:\users\(user)\AppData\Roaming\Microsoft\Windows\Start Menu (if you're using Vista)

C:\Users\(User-Name)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (if you're using Windows 7)

restart and you shall feel the power of the batch file!

Don't actually though

anyways, command prompt popping up can be because you are running programs based in command prompt (telnet, ping, nmap, etc)
or it can be because you are running batch files

of course, it could be some really clumsy hacker
__________________
My own open source project on Sourceforge
OTP.net KGB grade encryption for the rest of us
the_tyrant is offline   Reply With Quote
Old 12-26-10, 02:11 AM   #4
Castout
Silent Hunter
 
Join Date: Nov 2006
Location: Jakarta
Posts: 4,794
Downloads: 89
Uploads: 6
Default

Yeah it was a hacker.

He hacked into my system and created an account for himself, which I got rid of before, but he's getting smarter: the hacked reg entries won't show up on the HijackThis list, but they will show up if you copy and paste the log . . . . .

He made the gadgets inaccessible and made my PC abruptly power off and unable to start.

Guess it was a Christmas present. I'm sure there's more to come
__________________
Castout is offline   Reply With Quote
Old 12-26-10, 05:00 PM   #5
Castout
Silent Hunter
 
Join Date: Nov 2006
Location: Jakarta
Posts: 4,794
Downloads: 89
Uploads: 6
Default

Quote:
Originally Posted by MaddogK View Post
nice to know, but keep in mind some apps do actually start a cmd window when executed in order to perform certain tasks. This is a classic example of why one should not run with admin rights all the time.
Yeah, I'm not sure if it was a hacker, but my gadgets became inaccessible and I found new suspicious registry entries while no other new software has been installed.

The following 2:
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

I found them on an earlier scan, deleted them and confirmed they were deleted, but they were back yesterday, though they were not listed on the HijackThis list except if you copy and paste the log file. In fact they didn't show in the log file either, but if you copy and paste the log file they get shown.

I don't think I have any app that's using cmd.exe.
Funny thing: the log showed that cmd.exe came from a folder which I could not find, even though I had already unhidden all hidden folders and files.
__________________
Castout is offline   Reply With Quote
Old 12-27-10, 02:16 AM   #6
Castout
Silent Hunter
 
Join Date: Nov 2006
Location: Jakarta
Posts: 4,794
Downloads: 89
Uploads: 6
Default

Can anybody say whether the following two entries exist in their Windows 7 HijackThis list?

Or are they part of malware?

The following 2:
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

Please, the last thing I want is to ruin my Seven installation. I already deleted them and am now wondering.
__________________
Castout is offline   Reply With Quote
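The two O4 lines quoted in posts #5 and #6, run through a small parser, as an added example (not code from any poster or from HijackThis). `HKUS\.DEFAULT` is an alias of `HKUS\S-1-5-18`, so the pair names one RunOnce key, and a `[]` line carries no command to judge; the sample log, the `parse_o4`/`triage` names and the flag labels are constructed here.

```python
import re

# Shape of a HijackThis O4 (autostart) registry line; the "(User '...')"
# suffix only appears on HKUS (per-user hive) entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS)(?:\\(?P<sid>[^\\]+))?\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<data>.*?)(?:\s*\(User '(?P<user>[^']*)'\))?$"
)
# HKEY_USERS\.DEFAULT is an alias of HKEY_USERS\S-1-5-18 (LocalSystem profile).
SID_ALIASES = {".DEFAULT": "S-1-5-18"}

# Constructed sample log: the last two O4 lines are the ones quoted in the thread,
# the others are made up for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [updater] cmd.exe /c C:\Scripts\sync.bat
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O23 - Service: Example Service - Example Corp - C:\Example\svc.exe
"""

def parse_o4(line):
    """Return the fields of one O4 registry line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["sid"] = SID_ALIASES.get(entry["sid"], entry["sid"])
    return entry

def triage(log_text):
    """Collapse aliased duplicates and flag entries that need a manual look."""
    merged = {}
    for line in log_text.splitlines():
        e = parse_o4(line)
        if e is None:
            continue
        ident = (e["hive"], e["sid"], e["key"], e["name"], e["data"])
        rec = merged.setdefault(ident, {**e, "lines": 0, "flags": set()})
        rec["lines"] += 1
        if not e["name"] and not e["data"]:
            rec["flags"].add("blank")  # no command in the log: read the key itself
        if re.search(r"\bcmd\.exe\b", e["data"], re.I):
            rec["flags"].add("cmd")    # autostart entry that launches cmd.exe
    return list(merged.values())

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["hive"], r["sid"], r["key"], repr(r["name"]), sorted(r["flags"]), r["lines"])
```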
Old 12-27-10, 02:22 AM   #7
Gerald
SUBSIM Newsman
 
Join Date: May 2008
Location: Close to sea
Posts: 24,254
Downloads: 553
Uploads: 0


Quote:
Originally Posted by Castout View Post
Can anybody say whether the following two entries exist in their Windows 7 HijackThis list?

Or are they part of malware?

The following 2:
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

Please, the last thing I want is to ruin my Seven installation. I already deleted them and am now wondering.
Had you not done earlier scans, which proved that "someone" had been inside the computer before?
__________________
Nothing in life is to be feared, it is only to be understood.

Marie Curie





Gerald is offline   Reply With Quote
Old 12-27-10, 02:30 AM   #8
Castout
Silent Hunter
 
Join Date: Nov 2006
Location: Jakarta
Posts: 4,794
Downloads: 89
Uploads: 6
Default

Quote:
Originally Posted by Vendor View Post
Had you not done earlier scans, which proved that "someone" had been inside the computer before?
Umm, unfortunately not. I was a happy wee using Norton thinking it was all safe jolly good.

Just left the PC for about 2 hours and when it came back it reported a critical Windows error, but I was able to reboot it, and though unable to connect to the internet for about 7-8 minutes it managed to connect itself in the end.
__________________
Castout is offline   Reply With Quote
Old 12-27-10, 02:56 AM   #9
Gerald
SUBSIM Newsman
 
Join Date: May 2008
Location: Close to sea
Posts: 24,254
Downloads: 553
Uploads: 0


Quote:
Originally Posted by Castout View Post
Umm, unfortunately not. I was a happy wee using Norton thinking it was all safe jolly good.

Just left the PC for about 2 hours and when it came back it reported a critical Windows error, but I was able to reboot it, and though unable to connect to the internet for about 7-8 minutes it managed to connect itself in the end.
I did some searches and there are indications of an infection, which you can remove manually; here are some links. Regarding the connection, that tends not to be a problem, as W7 usually solves it itself.

http://www.spyandseek.com/Search.php...earch_for=hkus

http://pressf1.pcworld.co.nz/showthread.php?t=97907

http://www.computing.net/answers/sec...tes/29357.html

http://tweaks.com/forum/Topic255237-29-1.aspx

http://www.techsupportforum.com/secu...-internet.html

Look and compare, I can see differences in your system, versus that which is available here
__________________
Nothing in life is to be feared, it is only to be understood.

Marie Curie





Gerald is offline   Reply With Quote
Old 12-27-10, 03:28 AM   #10
Castout
Silent Hunter
 
Join Date: Nov 2006
Location: Jakarta
Posts: 4,794
Downloads: 89
Uploads: 6
Default

Thanks I already looked at them. Except the first link they are rather useless imo and I already looked at the first link before.

But thanks for the effort
__________________
Castout is offline   Reply With Quote
Old 12-27-10, 03:39 AM   #11
Gerald
SUBSIM Newsman
 
Join Date: May 2008
Location: Close to sea
Posts: 24,254
Downloads: 553
Uploads: 0


Quote:
Originally Posted by Castout View Post
Thanks I already looked at them. Except the first link they are rather useless imo and I already looked at the first link before.

But thanks for the effort
There was so little, but I suggest you take the program Spybot S & D if you do not have it yet, it can be a useful adjunct to minimize the risk of future intrusions, and it is independent, run a scan with it to see where that may exist, then it makes a fine bot scan

http://www.safer-networking.org/en/index.html
__________________
Nothing in life is to be feared, it is only to be understood.

Marie Curie





Gerald is offline   Reply With Quote
Old 12-27-10, 05:45 PM   #12
Castout
Silent Hunter
 
Join Date: Nov 2006
Location: Jakarta
Posts: 4,794
Downloads: 89
Uploads: 6
Default

I found out that my games were no longer working somehow and God knows what else.

I just reinstalled everything


I know, or have been aware for a long time, that there's no way to protect a home PC from a manual hacker attack, much less if it was organized, determined attacks done on behalf of some rogue state for an extended period of time, like years.

I lost my Vista CD to hacking: it cracked because I was popping it in and out too many times. My installation only lasted 3-6 days on average then. The OS just kept crashing. My guess is it was an attempt to force me to change my sensitive signatures that I had been using in the many forums that I frequented. And now I can only suspect it is an attempt to force me to change my sig too, especially the provided picture, but I've learned one important concept. That is initiative and autonomy. Nobody but God can make me do anything that I do not wish. I have control.... LOL. At least I know I'm frustrating some people, and when you're frustrating a party that could only mean that you hold the initiative. That's the only reason why they are trying to frustrate me back by ruining my OS.

Before I made the switch to 7 my old Vista installation was also hacked into. Faulty registry entries due to hacking, no, not ordinary registry errors; you need to fix them manually and I don't think the registry cleaner did that. And my whole Firefox installation was gone! Though I could still run Firefox, it just wasn't in the usual folder. In fact I couldn't find where my firefox.exe was located.

It's the same kind of attack every time so I guess it's the same kind of hacker[s] every time too. And yes I always protect my PC to the best of my knowledge.
__________________

Last edited by Castout; 12-27-10 at 06:02 PM.
Castout is offline   Reply With Quote
Old 12-27-10, 05:52 PM   #13
Gerald
SUBSIM Newsman
 
Join Date: May 2008
Location: Close to sea
Posts: 24,254
Downloads: 553
Uploads: 0


And now it works smooth,
__________________
Nothing in life is to be feared, it is only to be understood.

Marie Curie





Gerald is offline   Reply With Quote
Old 12-27-10, 06:11 PM   #14
Castout
Silent Hunter
 
Join Date: Nov 2006
Location: Jakarta
Posts: 4,794
Downloads: 89
Uploads: 6
Default

Quote:
Originally Posted by Vendor View Post
And now it works smooth,
Yep, until the same people decided to impress me with their hacking equipment and skills. They would impress me if they tried the Pentagon. Me? Meh.

Funny thing: they left me alone for some months when I was forced to install a non-genuine copy of Vista since I cracked my genuine Vista CD.

Knowing how funny some people can be [quite irrational and dramatic], I'm almost guessing that since the genuine Windows have a made in Singapore print on their boxes, perhaps some people who rule there think they are theirs by rights, much like the people who live there and their livelihood.

They are indeed FUNNY people. Hey, three people agreed with me, as proved by my signature picture. But I'm sure the death threat reply to my comment will get more thumbs up than just three with time LOL. Maybe. Either way, whether it will get more thumbs up or not, it's all good for me since the reply is indeed a death threat. South East Asia or even Asia in general and democracy and human rights is like looking for a camel on the Everest mountain, that is, when you do find them they are already dead or fossilized.
__________________

Last edited by Castout; 12-27-10 at 06:25 PM.
Castout is offline   Reply With Quote