Troubleshoot CMD pops up and starts file transfer.

quick maffs

Level 1
Thread author
Dec 27, 2017
6
It hasn't caused any damage or anything whatsoever (that I know of), but it really made me concerned because it would happen on a daily basis, usually when I turn on my computer.

I managed to obtain a screenshot of the process when I was trying to play Morrowind.

EDIT: It seems that it is scheduled for when it runs... one of the times is 9:53 PM. Thanks to those who tried to help.
 

Attachments

  • Untitled.png

ForgottenSeer 58943

1) Is it a legit or cracked copy of the game?
2) Do you have any mods installed? Sometimes mods update themselves.
3) Have you run netstat -a and seen the open connections, then the IP where it is going?

Also the fact it says 'zYBveIJK' causes concern. Our MSP sees a lot of malware use random letters for payloads, directories and file names. If it is a cracked version all bets are off. I strongly discourage pirated software not so much out of principle, but because so much of it is backdoored/compromised.
 
Upvote 0
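As an added example (not part of the thread): `netstat -a` lists connections but not which program owns them. The PowerShell below joins each established TCP connection to its owning process, that process's command line and its parent, which is what you need to tell a game or mod updater from something else. It assumes Windows 8 / Server 2012 or later and an elevated session.

```powershell
# Added example: map each established TCP connection to the process that owns it.
# Run elevated so the command lines of processes owned by other accounts are readable.

# Index running processes by PID (Win32_Process exposes CommandLine and ParentProcessId).
$procs = @{}
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |   # skip loopback
    ForEach-Object {
        $p      = $procs[[int]$_.OwningProcess]
        $parent = if ($p) { $procs[[int]$p.ParentProcessId] }
        [pscustomobject]@{
            Remote      = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            OwnerPid    = $_.OwningProcess
            Process     = $p.Name
            Path        = $p.ExecutablePath
            Parent      = $parent.Name          # e.g. taskeng/svchost for a scheduled task
            CommandLine = $p.CommandLine
        }
    } |
    Sort-Object Process, Remote |
    Format-List
```

The window described in this thread is short-lived, so the snapshot has to be taken while it is on screen; `netstat -abno` from an elevated prompt gives a comparable view.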

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
It hasn't caused any damage or anything whatsoever (that I know of), but it really made me concerned because it would happen on a daily basis, usually when I turn on my computer.

AUTORUNS might help you see what this is to some extent. It's not so easy to set up, but you might consider installing NVT ERP. It will help you get a look at the exact command line that is spawning the cmd prompt. You will likely then also know what file is spawning it or if it is started by a scheduled task or runonce, etc.
 
Upvote 0

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
It hasn't caused any damage or anything whatsoever (that I know of), but it really made me concerned because it would happen on a daily basis, usually when I turn on my computer.

I managed to obtain a screenshot of the process when I was trying to play Morrowind.

I think it's copying your docs to some networked PC and will lock out your PC in a few days. Best option is to run LiveCD AVs from Dr. Web, Kaspersky or ESET to clean up malware outside of the Windows environment.
 
Upvote 0

quick maffs

Level 1
Thread author
Dec 27, 2017
6
1) Is it a legit or cracked copy of the game?
2) Do you have any mods installed? Sometimes mods update themselves.
3) Have you run netstat -a and seen the open connections, then the IP where it is going?

Also the fact it says 'zYBveIJK' causes concern. Our MSP sees a lot of malware use random letters for payloads, directories and file names. If it is a cracked version all bets are off. I strongly discourage pirated software not so much out of principle, but because so much of it is backdoored/compromised.

1) It's a cracked version that I got from a friend just yesterday when I took the screenshot. But the problem has been going on since 3 days ago.
2) Yes, I have a couple of mods installed that I managed to set up by myself, but I don't think any of them can update themselves since well... I made them.
3) I ran a netstat -a operation just now, but since I'm not too knowledgeable in CMD's... I can't really tell...


But I thought CMD Pops up are discussed here.
 
Upvote 0

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
If your game copy is legit then the cmd message may be related to some module (updates, game levels saving, etc).
If you are instead using a cracked copy then it is definitely better to get rid of the game and ask for assistance in the MRA forum as said above.
 
Upvote 0

quick maffs

Level 1
Thread author
Dec 27, 2017
6
If your game copy is legit then the cmd message may be related to some module (updates, game levels saving, etc).
If you are instead using a cracked copy then it is definitely better to get rid of the game and ask for assistance in the MRA forum as said above.

Yes, I've rid the game from my computer. But I don't think my cracked copy of Morrowind is the cause of the problem since I just got Morrowind yesterday and the issue's been going on for 2+ days.
 
  • Like
Reactions: Syafiq
Upvote 0

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Check Task Scheduler for run history and see what matches up with the CMD window appearance. As others have mentioned, Autoruns can help here too (and don't forget looking in msconfig).
 
  • Like
Reactions: AtlBo
Upvote 0
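As an added example (not part of the thread): the Task Scheduler check suggested above can be scripted. The PowerShell below lists scheduled tasks whose action starts a command interpreter or script host, then pulls Task Scheduler history entries close to the 9:53 PM time the thread author reported. The interpreter pattern, the 7-day look-back and the two-minute window are assumptions of this example, and the history query returns nothing if task history logging is disabled.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.

# 1) Scheduled tasks whose action launches a command interpreter or script host.
$pattern = '\b(cmd|powershell|wscript|cscript|mshta)(\.exe)?\b'   # chosen for this example

Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute value; skip them.
        if (-not $action.Execute) { continue }
        $cmdline = "$($action.Execute) $($action.Arguments)"
        if ($cmdline -notmatch $pattern) { continue }

        $info = $task | Get-ScheduledTaskInfo
        [pscustomobject]@{
            Task     = $task.TaskPath + $task.TaskName
            Author   = $task.Author
            RunAs    = $task.Principal.UserId
            Action   = $cmdline
            Triggers = ($task.Triggers | ForEach-Object {
                           $_.CimClass.CimClassName + ' ' + $_.StartBoundary }) -join '; '
            LastRun  = $info.LastRunTime
            NextRun  = $info.NextRunTime
        }
    }
} | Format-List

# 2) Task Scheduler history: actions launched (event ID 200) within two minutes
#    of the time of day reported in the thread (9:53 PM), over the last 7 days.
$seen = [timespan]'21:53'
Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-TaskScheduler/Operational'
        Id        = 200
        StartTime = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue |
    Where-Object { [math]::Abs(($_.TimeCreated.TimeOfDay - $seen).TotalMinutes) -le 2 } |
    Select-Object TimeCreated, Message |
    Format-List
```

A task with a random-looking name, an action pointing into a user-writable folder, or an author that is not a known vendor is the one to compare against what Autoruns shows.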
