It haven't caused any damage or anything whatsoever (That I know of) but it really made me concerned about this because it would happen on a daily basis, usually when I turn on my computer.

I managed to obtain a screenshot of the process when I was trying to play Morrowind.

EDIT: It seems that it is scheduled for when it runs... one of the time is 9:53 PM. Thanks for helping for those who tried to help.
 

Attachments

Last edited:

Slyguy

Level 43
1) Is it a legit or cracked copy of the game?
2) Do you have any mods installed? Sometimes mods update themselves.
3) Have you run netstat -a and see open connections, then the IP where it is going?

Also the fact it says 'zYBveIJK' causes concern. Our MSP sees a lot of malware use random letters for payloads, directories and file names. If it is a cracked version all bets are off. I strongly discourage pirated software not so much out of principle, but because so much of it is backdoored/compromised.
 
Last edited:

AtlBo

Level 27
Verified
Content Creator
It haven't caused any damage or anything whatsoever (That I know of) but it really made me concerned about this because it would happen on a daily basis, usually when I turn on my computer.
AUTORUNS might help you see what this is to some extent. It's not so easy to set up, but you might consider installing NVT ERP. It will help you get a look at the exact command line that is spawing the cmd prompt. You will likely then also know what file is spawning it or if it is started by a scheduled task or runonce, etc.
 

Vasudev

Level 30
Verified
It haven't caused any damage or anything whatsoever (That I know of) but it really made me concerned about this because it would happen on a daily basis, usually when I turn on my computer.

I managed to obtain a screenshot of the process when I was trying to play Morrowind.
I think its a copying your docs to some networked PC and will lock out your PC in a few days. Best option is to run LiveCD AVs from Dr. Web, Kaspersky or ESET to clean up malware outside of windows environment.
 
1) Is it a legit or cracked copy of the game?
2) Do you have any mods installed? Sometimes mods update themselves.
3) Have you run netstat -a and see open connections, then the IP where it is going?

Also the fact it says 'zYBveIJK' causes concern. Our MSP sees a lot of malware use random letters for payloads, directories and file names. If it is a cracked version all bets are off. I strongly discourage pirated software not so much out of principle, but because so much of it is backdoored/compromised.
1) It's a cracked version that I got from a friend just yesterday when I took the screenshot. But the problem has been going on since 3 days ago.
2) Yes, I have a couple of mods installed that I managed to set up by myself, but I don't think any of them can update themselves since well... I made them.
3) I ran a netstat -a operation just now, but since I'm not too knowledgeable in CMD's... I can't really tell...

But I thought CMD Pops up are discussed here.
 

tim one

Level 21
Verified
Trusted
Malware Hunter
If your game copy is legit then the cmd message may be related to some module (updates, game levels saving, etc).
If you are instead using a cracked copy then it is definitely better to get rid of the game and asking for assistance in the MRA forum as said above.
 
If your game copy is legit then the cmd message may be related to some module (updates, game levels saving, etc).
If you are instead using a cracked copy then it is definitely better to get rid of the game and asking for assistance in the MRA forum as said above.
Yes, I've rid the game from my computer. But I don't think my cracked copy of Morrowind is the cause of the problem since I just got Morrowind yesterday and the issue's been going on for 2+ days.
 
It's stunning to me that someone would use a cracked Morrowind when it sells for around $7 on Steam. I spent that on coffee this morning already.
xD Well... I'm not a fan of The Elder Scroll series and I didn't know the price. My friend just gave it to me yesterday.
 

Telos

Level 19
Verified
Content Creator
Check Task Scheduler for run history and see what matches up with the CMD window appearance. As others have mentioned, Autoruns can help here too (and don't forget looking in msconfig).
 
Top