Command Box Comes Up On Its Own



#1
johnkromka


Not sure where to post this, but I have done some preliminary research on this problem, and some say it may be a malware problem.  Here is what is happening:

On my wife's notebook (HP 2000) she has been experiencing a strange thing over the last month or so.  The command box will pop up seemingly whenever it wants (we have kept a record of the times, but no apparent pattern), stay there for no more than 1-2 seconds then disappear. She is trying to get a print screen, because there is something written in there which I am sure might reveal why the box keeps coming up.  However, it is up for such a short time we can't tell what's written in there (not much).

One thing we are worried about is that someone said this could be a hacker trying to attempt to connect to our computer.  Another said it could be due to some kind of malware causing this.  Another said check the Task Scheduler. We went to Microsoft with it and they did a Remote Access, but because they cannot actually see what we are talking about they admitted they are limited in what they can do and as to what is causing it.  They did change some setting on command prompt (cannot remember exactly what) and said this might work.  It didn't. Then they recommended a drastic move, an upgrade of Windows 10.  So we just finished that.  Still comes up. Haven't gone back to Microsoft, thought would post in forum for ideas as to what this is, what might be the cause, and what we can do to try and stop it. It is just an annoyance, but it also could be something serious, like the hacker trying to connect thing (although the guy said this was "unlikely").  Bottom line, it is not normal and we don't really want to bring it to the shop unless we have to.  We want it to stop, so any ideas or suggestions would be most appreciated.  Thanks.


  • 0
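
Added example, not part of any post in this thread: the opening post mentions a record of popup times and a suggestion to check the Task Scheduler. This PowerShell script compares one recorded time against each scheduled task's last run and flags tasks that start a command or script interpreter. `$PopupTime` is a constructed sample value, and the two-minute window and the interpreter list are assumptions.

```powershell
# Added example: which scheduled tasks ran close to a recorded popup time?
# Run from an elevated PowerShell prompt so tasks of all users are visible.
$PopupTime = Get-Date '2024-01-15 14:05:00'   # constructed sample; use a time from your own record
$Window    = New-TimeSpan -Minutes 2           # assumed tolerance around the recorded time

# Heuristic (assumption): interpreters that commonly open a console window.
# Any console program can flash a window, so review the NearPopup rows as well.
$ConsolePattern = '\b(cmd|powershell|cscript)(\.exe)?\b'

$candidates = foreach ($task in Get-ScheduledTask) {
    $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
    if (-not $info -or -not $info.LastRunTime) { continue }   # unreadable or never run

    foreach ($action in $task.Actions) {
        # Only "start a program" actions have Execute; COM handler actions do not.
        if (-not $action.Execute) { continue }

        # Absolute distance between the task's last run and the recorded popup.
        $gap = ($info.LastRunTime - $PopupTime).Duration()

        [pscustomobject]@{
            Task        = $task.TaskPath + $task.TaskName
            State       = $task.State
            Command     = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
            LastRunTime = $info.LastRunTime
            LastResult  = '0x{0:X}' -f $info.LastTaskResult
            NearPopup   = $gap -le $Window
            ConsoleHost = $action.Execute -match $ConsolePattern
        }
    }
}

# Show tasks that ran near the popup or that launch an interpreter, newest first.
$candidates |
    Where-Object { $_.NearPopup -or $_.ConsoleHost } |
    Sort-Object LastRunTime -Descending |
    Format-Table -AutoSize -Wrap
```

`LastRunTime` holds only the most recent run of each task, so the comparison is meaningful only when the script is run shortly after a popup, with that popup's time in `$PopupTime`.
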


#2
RKinner


  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
 

  • 0

#3
johnkromka


I will run the scan but more has happened since my first post which may prove very revealing. Please excuse the length, I will split it up into two posts, because I don't know if you have a maximum characters on postings:

I am now POSITIVE my machine has been hacked! Much more insanity has happened to my machine other than the command prompt box coming up. I will outline what has happened since my post and you decide, but I don't think any rational thinking person would disagree with me after you hear this evidence:
1) I was just browsing my Hotmail (Outlook) tonight and was floored to see 7 messages in my Drafts folder. I knew that was too many so I opened it up. 3 were written by me, but the last four were written by "somebody else" all 4 at exactly the same time 8:37pm. 3 of the 4 simply had Draft written in red print, followed by the time (all 8:37). There was no text message for all 4, but 3 said "Sent From Mail For Windows 10". The most telling one was one. It was sent to a [email protected]. I investigated this. I found out that .il is a domain from Israel, and that "walla" is a company in Israel, providing news and other services. I also checked "ron barkay" and all I could come up with was a ron barkay on Facebook, and guess where he's located? You're right....Israel. I googled walla a few times and found it associated with scam activities. I DID NOT WRITE ANY OF THESE EMAILS!! So how can I not be hacked from someone who has gotten control of my computer?? It HAS to be. And you haven't even heard the half of it yet.
Before I continue, let me say that I hooked up another notebook a couple of days ago, to rule out that it was the computer (or not). Well, we are experiencing the same troubles on TWO DIFFERENT COMPUTERS connected to the same router. No wifi, Ethernet connected. Plus the second computer just connected was a clean install to Windows 10, nothing on it.
These are all of the events that have happened on the two computers that I have recorded:
1) Command Prompt box comes up randomly and for one second on BOTH computers. We cannot get a print screen, but are trying so hard, but it goes by so fast. There IS writing, but we can't make it out, except we did catch the word "error" several times when it popped up, but we cannot make out anything else.
2) Malwarebytes Problem: On Sept. 4, I decided to run a scan. However, I got a message stating "could not connect to the service". So the first thing I decided to check out was Services. I found Malwarebytes and it was set to disabled and stopped. I set it to automatic and start and it started running normally again. I could not understand why it had been set to disabled and stopped, but gave it no further thought. Until Sept. 8. I noticed the Malwarebytes icon was gone from my desktop! Greatly disturbed by this, I investigated. I first checked to see if it was on my system somewhere, so I did a systemwide search. Yes, I found files, but when I clicked on ones that said application, it would not load, none of them. I looked in the add/remove programs list, and it was there. So I was confused. It wasn't uninstalled, yet it wasn't working. I got Microsoft online and they did a remote session with me to investigate. They looked at the files and some other things and came to the conclusion my Malwarebytes was "corrupted". I said how, they would not offer any theories. I said what do we do now? They advised the best thing would be to uninstall it, and re-install it. I agreed, but was worried as I had the premium version of Malwarebytes and was worried the reinstalled app. might not take the license codes. But they said it "should", so I reluctantly went ahead with their suggestion. First they tried to uninstall it from the add/remove programs list, but got an error message which prevented them from uninstalling it. So the tech downloaded a 3rd party uninstaller Revo Plus. Same thing even with that so-called superior uninstaller, error messages all over the places, bottom line would not uninstall. The tech said it appeared the "corruption was preventing the uninstall". I asked what to do now, and they did not know. I asked for a high level tech, but they said none was available, so I just signed out in disgust. 
This is getting long and I don't want to get cut off and have MUCH more I NEED to tell you for you all to get an accurate picture of what is going on here, so I will continue my post after this in a new post.


  • 0

#4
johnkromka


Continuing from previous post...
3) I use Kaspersky Total Security and also bought the VPN that goes with it called Secure Connection. On Sept. 3 I started my Kaspersky as usual, and the Total Security loaded okay, but I had a problem with the Secure Connection. It said "error loading Kaspersky Secure Connection". So we contacted support on the phone and they recommended we uninstall both and reinstall and assured us the license codes we had purchased would work. So that is what I did. Uninstalled both, re-installed both, put in the licenses, and everything back to normal. Secure Connection now working. Sept. 9 - Turned on Kaspersky and once again, like last time, Total Security loaded fine, but got the same error message on the Secure Connection....it would not load. This time the tech said he was going to send us a diagnostic tool to run to check out our system and then send it back to them to analyze and see what may be happening. So we ran the tool and sent it back last night and are awaiting to hear from them. I was so disgusted that, like Malwarebytes, I was suddenly having these problems. It seemed too coincidental to me. I was definitely thinking hacker at this point, because a hacker would not want things like Malwarebytes Premium or the Kaspersky VPN Secure Connection to be in working order to make it harder to catch him. All of my other apps. are working (I checked everything else out).
4) "Your Hotmail settings are out of date" - we have been getting this message the past few days. At first that didn't make any sense to me, but then I googled it, and saw others had this come up, as well. So maybe it was legitimate. I found a fix for it and when it popped up, I applied the fix and all appears to be fine now. I only bring this up because of the very suspicious activity I reported earlier in my Drafts folder of Hotmail. There might be a connection. Worth mentioning.
5) Mouse - At times, moves by itself. Other times, moves sluggishly or not at all. Other times, it is like we are "fighting" with someone for use of it. Very weird.
6) Shutdown of Computer - could not shut it down normally. Nothing happened. So had to shut it down manually. This has only happened once.
7) A blue screen - covered the entire desktop (no this is not the blue screen of death, I've seen that before). It just appeared out of nowhere and it said "you have errors"...correcting them, and it started some activity. No way to stop it, so decided had to turn off computer.
8) Box came up and I couldn't catch all of it, was so fast. Said something like "if you trust this device..." followed by some options to do. This is not normal.
9) Site in history we DID NOT go to - lockerdome.com/referral_redirected?cid=98, when put mouse over it there was a huge box full of numbers and letters.
10) Box comes up and said "this page has malicious malware" with sound (This was on the computer we just connected which has no Kaspersky on it yet), so don't know why a warning like that would come up.
11) "Webcam access blocked" - this has come up on Kaspersky a few times in the past week
12) Clock/calendar popped up once on its own

I may have forgotten a couple of things. But you can see this computer is all messed up. I DO NOT believe it is malware infected, due to the things I have described on the list, especially those draft emails. I understand what you want me to read and do, but I felt it was necessary to list all of this additional information to give you the full picture of what is happening, and can therefore give me an informed reply on what you think is going on and recommend I do in response to all of this.

What we have done so far in response:
1) Did the upgrade on Windows 10 on Sept. 6. The tech told us this would solve the corruption. They were obviously wrong, and I am losing faith in Microsoft and their knowledge of computer problems.
2) Ran autoruns. However, when I saved the file and opened it, it said "the file is corrupted". That must show you how bad my situation is if the scan by autoruns became corrupted somehow.
3) Unticked the box in security where it says allow remote assistance, and in the firewall as well. But we just did that a few hours ago and since we did that, nothing has changed, but we felt it might help. It did not.
4) Ran Tweaking.com Windows Repair - it found a lot of stuff, but proved useless with all of these problems.
5) Turned off command prompt, yet it still comes up

Now I am no geek, but this is my opinion of what has happened. My computer has been hacked. The Israeli email suddenly appearing in my email Drafts folder is proof of that. There is someone, or some entity that has somehow gotten onto my computer (actually not computer...through the internet connection, because I said BOTH computers are all messed up, so don't tell me it is a computer issue). Both computers are equally messed up, and as I said the second one was just connected a few days ago, and was a clean install of windows 10, not used. So how do we stop this insanity?? I called Microsoft and all they can tell me is to do a clean install again. No I will not, you idiots, that will NOT SOLVE THIS PROBLEM! Why can't they see that?? And what responsibility, if any, does my ISP have in this matter? Probably nothing...something in the fine print saying we are not responsible for hacker activity, etc., but I am still going to call them about it to see if others are having similar problems and can they help in any way. I could change internet service providers, but would that even stop this, I don't know. And then there is my local computer shop, which I haven't called yet. But I am hoping some of you fellas can help me out of this extremely discouraging, depressing situation. In all my years computing, I have NEVER remotely experienced anything like this. I WANT MY COMPUTER BACK!!!! Thank you!


  • 0





