Troubleshoot CMD Popping up every 1-3 min

turki

Level 1
Thread author
Jul 29, 2017
9
Hello, something weird happened to me after I tried to install a program.
Every 1-3 min more than 6 cmd processes pop up, then disappear in half a second.
I used most of the malware programs to check if there's a virus:
MalwareBytes
Tdsskiller
Roguekiller
I also tried to disable all programs (clean boot) to check if the program got fixed, but no.

And it's worth mentioning that when I exit Google Chrome after I used it, it deleted the history itself the next time I run it.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Firstly, you need to clearly express the problem and the sequences. You did a clean boot, however it didn't work out. Which issue was persistent? The cmd popups, right?

> And it's worth mentioning that when I exit Google Chrome after I used it, it deleted the history itself the next time I run it.

You mention this at the end of the problem description, but the Symptoms List says that the problem is solved after a Chrome reinstall. Is this problem finally fixed now? Can you mention/share the link of what program supposedly caused this problem? This can help avoid unnecessary steps.

There are chances that your system is not infected by malware. However, to clear any suspicions, perform scans with Zemana Antimalware and Emsisoft Emergency Kit as suggested above. Both will likely detect and resolve any adware, spyware, known malware, browser hijacking, process hollowing etc. Post the results of the scans here for us.
You can also download Comodo Cleaning Essentials. Download and extract the downloaded zip. Then run the "KillSwitch.exe" file from the extracted folder. It will show the "Rating" of different processes running in your system.
[Screenshot (280).png]
If it shows "Unknown" or "Untrusted" or other negative Trust ratings, post the screenshot of those views here.
 
Upvote 0

turki

> Check with Process Explorer all processes and its VirusTotal Rating. If you are not so advanced then run...
>
> Zemana AntiMalware Portable and scan your system:
> Clean your computer in minutes with Zemana AntiMalware, no matter how badly infected!
>
> Emsisoft Emergency Kit and scan your system:
> Emsisoft | Emergency Kit: Free Portable Malware Scan and Removal

Great!
Thanks man, you are the best. I found 7 suspicious using Zemana AntiMalware,
but it's funny how Malwarebytes is considered to be one of the most anti-malware but didn't fix the problem.
I guess I'm gonna keep Zemana AntiMalware in my PC,
and thanks again for the help. I appreciate the help here in this forum.
 
Upvote 0

Parsh

> Great!
> Thanks man, you are the best. I found 7 suspicious using Zemana AntiMalware,
> but it's funny how Malwarebytes is considered to be one of the most anti-malware but didn't fix the problem.
> I guess I'm gonna keep Zemana AntiMalware in my PC,
> and thanks again for the help. I appreciate the help here in this forum.

Can you post the screenshot of the detections here before clearing them?
 
Upvote 0

turki

> Firstly, you need to clearly express the problem and the sequences. You did a clean boot, however it didn't work out. Which issue was persistent? The cmd popups, right?
>
> You mention this at the end of the problem description, but the Symptoms List says that the problem is solved after a Chrome reinstall. Is this problem finally fixed now? Can you mention/share the link of what program supposedly caused this problem? This can help avoid unnecessary steps.
>
> There are chances that your system is not infected by malware. However, to clear any suspicions, perform scans with Zemana Antimalware and Emsisoft Emergency Kit as suggested above. Both will likely detect and resolve any adware, spyware, known malware, browser hijacking, process hollowing etc. Post the results of the scans here for us.
> You can also download Comodo Cleaning Essentials. Download and extract the downloaded zip. Then run the "KillSwitch.exe" file from the extracted folder. It will show the "Rating" of different processes running in your system.
> [Attachment 161521]
> If it shows "Unknown" or "Untrusted" or other negative Trust ratings, post the screenshot of those views here.

Yes, I will keep what you said in mind, and thanks for helping.
 
Upvote 0

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
> Great!
> Thanks man, you are the best. I found 7 suspicious using Zemana AntiMalware,
> but it's funny how Malwarebytes is considered to be one of the most anti-malware but didn't fix the problem.
> I guess I'm gonna keep Zemana AntiMalware in my PC,
> and thanks again for the help. I appreciate the help here in this forum.

No problem, you're welcome! I use MalwareBytes only to clean up PUP-s. I know that Zemana is a very good second opinion scanner.
 
Upvote 0

turki

> Can you post the screenshot of the detections here before clearing them?

I wish I could have screenshotted it, but I replied after I did the clean.
However, I have the report from Zemana AntiMalware if that is enough.

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017/7/29
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
BIOS Mode : UEFI
CUID : 127C6A2F012887B89CD553
Scan Type : System Scan
Duration : 7m 20s
Scanned Objects : 55334
Detected Objects : 8
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Security Center Disabled
Status : Scanned
Object : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potentially Unwanted Modification
Cleaning Action : Repair
Related Objects :
Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start = 4

Security Center Disabled
Status : Scanned
Object : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potentially Unwanted Modification
Cleaning Action : Repair
Related Objects :
Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart = disabled

NlaSvc Manual Proxies
Status : Scanned
Object : HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potentially Unwanted Modification
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ = 1http=127.0.0.1:8080;https=127.0.0.1:8080

Proxy Enabled (User)
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potentially Unwanted Modification
Cleaning Action : Repair
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled

Proxy Server (User)
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potentially Unwanted Modification
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080

setup.exe
Status : Scanned
Object : %userprofile%\desktop\ds\setup.exe
MD5 : A9E0173A2B4DCD5F756C7F945D868BC2
Publisher : -
Size : 4658176
Version : 1.1.1.2
Detection : Adware:Win32/InstallMonster
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\desktop\ds\setup.exe

لم يتم تأكيده 561553.crdownload
Status : Scanned
Object : %userprofile%\downloads\لم يتم تأكيده 561553.crdownload
MD5 : A9E0173A2B4DCD5F756C7F945D868BC2
Publisher : -
Size : 4658176
Version : 1.1.1.2
Detection : Adware:Win32/InstallMonster
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\لم يتم تأكيده 561553.crdownload

sysnetwk.exe
Status : Scanned
Object : NE->c:\programdata\microsoft\network\dsq\network\sysnetwk.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/ProxyChanger.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned : 8
Reported as safe : 0
Failed : 0

Also, you can see the setup program file got deleted too from my desktop.

Okay, that's really weird, the cmd problem got back after I restarted my PC.
The things I did before I restarted is
I enabled both the startup and services programs.
I'm performing a Zemana scan again and
I'll update.

> Okay, that's really weird, the cmd problem got back after I restarted my PC.
> The things I did before I restarted is
> I enabled both the startup and services programs.
> I'm performing a Zemana scan again and
> I'll update.

Please perform an Emsisoft scan too.
 
Upvote 0

turki

Okay, cmd is still popping.
I'm scanning with Zemana and I'm at 14% scanning and already found 4 new suspicious objects.
I'll update soon.
Okay, sysnetwork is back.
If I deleted it, the cmd popping will stop.
Question is, how do I delete it permanently?
 

Attachment: Untitled.png
Upvote 0

AlanOstaszewski

> Okay, sysnetwork is back.
> If I deleted it, the cmd popping will stop.
> Question is, how do I delete it permanently?

Go to this path and delete the whole folder. Then do a scan with CCleaner. Then remove all malicious files with Zemana. Get a realtime protection. Download Avast. It will stop duplicating this malware.
 
Upvote 0

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Use Zemana to scan again by following these steps:
1/ Open the Zemana main screen
2/ Open "My Computer" or "This PC"
3/ Drag the C: drive icon to Zemana's "drag and drop files here to scan them"
4/ Remove all the threats
5/ You may have to do it again with D: and E:, if any

Explanation: Zemana's default scan doesn't scan the "Users" folder, so a lot of malware can be missed.
 
Upvote 0
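The thread author reports that the cmd popups and sysnetwk.exe returned after a restart, so it helps to re-check the exact settings the Zemana report listed instead of waiting for a full scan. The PowerShell below is an added example, not something posted in the thread; the registry keys, value names and file path are copied from the report, while the match conditions (Start = 4, ProxyEnable = 1, a 127.0.0.1 proxy string) are this example's reading of it. The DelayedAutoStart entry is left out because the report does not show its raw value.

```powershell
# Added example: re-check the settings named in the Zemana report after a reboot.
# Keys, value names and the file path come from that report; the match
# conditions are assumptions of this example, not Zemana's detection logic.

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$checks = @(
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\services\wscsvc'; Name = 'Start'
       Bad = { param($v) $v -eq 4 } },                    # 4 = service disabled
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies'; Name = ''
       Bad = { param($v) "$v" -match '127\.0\.0\.1' } },  # '' = the key's default value (@)
    @{ Key = $inet; Name = 'ProxyEnable'
       Bad = { param($v) $v -eq 1 } },                    # 1 = proxy enabled
    @{ Key = $inet; Name = 'ProxyServer'
       Bad = { param($v) "$v" -match '127\.0\.0\.1' } }   # loopback proxy as in the report
)

function Test-ReportedSetting {
    param([hashtable]$Check)
    # Get-Item on a registry path returns a RegistryKey; GetValue('') reads the default value.
    $key   = Get-Item -Path $Check.Key -ErrorAction SilentlyContinue
    $value = if ($key) { $key.GetValue($Check.Name) } else { $null }
    [pscustomobject]@{
        Key           = $Check.Key
        Name          = if ($Check.Name) { $Check.Name } else { '(default)' }
        Value         = $value
        MatchesReport = ($null -ne $value) -and [bool](& $Check.Bad $value)
    }
}

$checks | ForEach-Object { Test-ReportedSetting $_ } | Format-Table -AutoSize -Wrap

# The binary the report quarantined. If it exists again after a restart,
# something else on the system is re-creating it.
$exe = 'C:\ProgramData\Microsoft\Network\dsq\network\sysnetwk.exe'
if (Test-Path -LiteralPath $exe) {
    Get-Item -LiteralPath $exe -Force |
        Format-List FullName, Length, CreationTime, LastWriteTime
} else {
    "Not present: $exe"
}
```

Run it as the affected user, since the two Internet Settings values live under that user's HKCU hive.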
