Malware Trouble; Random Command Prompt, Pop-Ups in Chrome.


  1. Posts : 9
    Windows
       #1



    Hey guys,

    I'm currently having trouble getting a certain malware off my computer. It is nearly impossible to find. I've run multiple scans on Malwarebytes and Windows Defender, finding nothing or only a few files that do not change the pop-ups and command prompts.

    Symptoms:
    - Sometimes there will be a command prompt that shows up (the black box with white text) for a quick second and it ends up going away within one second.

    - After using Chrome (or Firefox --- or any browser) a new tab will appear entitled "seen on screen" and another about games.

    I was wondering if anyone knew of a file that this adware creates that's running things in the command prompt and what not.

    Thanks!


  2. Posts : 7,254
    Windows 10 Pro 64-bit
       #2

    Hi there. What sort of security do you have installed on your laptop?

    You can go here to perform an online second opinion scan.


  3. Posts : 9
    Windows
    Thread Starter
       #3

    swarfega said:
    Hi there. What sort of security do you have installed on your laptop?

    You can go here to perform an online second opinion scan.
    Hey there,

    I am running Malwarebytes and Windows Defender, both of which could not find and terminate the virus. The other website that pops up is "gogamego".


  4. Posts : 16,325
    W10Prox64
       #4

    Have a read of this thread, and see if that doesn't help. Start at post #13.
    Bitsadmin pops up randomly and immediately disappears.


  5. Posts : 579
    Windows 10 Home
       #5

    AustFisch,

    Welcome to TenForums!

    Looks like an adware program installed on the computer, which can be done without your knowledge.

    Please try the following:

    Download AdwCleaner:
    Malwarebytes | AdwCleaner
    Save the downloaded file to your Desktop.

    Right click on AdwCleaner.exe and select: Run as Administrator

    At the main console, click the Scan button and wait for the process to complete.

    When the scan finishes and presents its results, if you see any program that you wish to keep, remove the check from it. Otherwise, once the Clean button is pressed, all checked items listed on the report are removed.

    A log file is automatically opened after the scan finishes. It is found at C:\AdwCleanerCx.txt (x is a number).

    Please attach the content of the AdwCleaner report. We will determine where to go from there.


  6. Posts : 9
    Windows
    Thread Starter
       #6

    cottonball said:
    AustFisch,

    Welcome to TenForums!

    Looks like an adware program installed on the computer, which can be done without your knowledge.

    Please try the following:

    Download AdwCleaner:
    Malwarebytes | AdwCleaner
    Save the downloaded file to your Desktop.

    Right click on AdwCleaner.exe and select: Run as Administrator

    At the main console, click the Scan button and wait for the process to complete.

    When the scan finishes and presents its results, if you see any program that you wish to keep, remove the check from it. Otherwise, once the Clean button is pressed, all checked items listed on the report are removed.

    A log file is automatically opened after the scan finishes. It is found at C:\AdwCleanerCx.txt (x is a number).

    Please attach the content of the AdwCleaner report. We will determine where to go from there.
    Hello Cottonball,

    I've attached the report to this post. If this is not enough information, I also ran AdwCleaner a couple of weeks back and could attach that if needed as well.

    Thanks.

    AdwCleaner[C2].txt


  7. Posts : 9
    Windows
    Thread Starter
       #7

    simrick said:
    Have a read of this thread, and see if that doesn't help. Start at post #13.
    Bitsadmin pops up randomly and immediately disappears.
    Could you help walk me through the steps of this? Not quite sure how to do all of this.

    Typing into PowerShell:
    "PS C:\WINDOWS\system32> Get-BitsTransfer -AllUsers | select -ExpandProperty FileList | Select -ExpandProperty RemoteName"

    brings back "http://domenjob.net/u/?a=0O3bFun2VtlGa1Nh_SPCAbBp_e87KwiuAxHfzfw2oj-....[snip]"


  8. Posts : 16,325
    W10Prox64
       #8

    AustFisch said:
    Could you help walk me through the steps of this? Not quite sure how to do all of this.

    Typing into PowerShell:
    "PS C:\WINDOWS\system32> Get-BitsTransfer -AllUsers | select -ExpandProperty FileList | Select -ExpandProperty RemoteName"

    brings back "http://domenjob.net/u/?a=0O3bFun2VtlGa1Nh_SPCAbBp_e87KwiuAxHfzfw2oj-....[snip]
    That domain appears to be your problem



    Hopefully ADWCleaner can help (as cottonball posted above). If not, there are a few other tools that can be used to help. May have to inspect your HOSTS file as well, flush your DNS, etc...
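
Added example, not part of any post in this thread: a PowerShell function that groups the `RemoteName` values returned by the `Get-BitsTransfer` command above by host, so an unfamiliar download host stands out without reading the long query strings. The function name `Get-BitsHostSummary`, the sample jobs and the host names are constructed for illustration.

```powershell
# Added example: summarise BITS download URLs by remote host.
function Get-BitsHostSummary {
    param(
        # On a live system: -Job (Get-BitsTransfer -AllUsers), from an elevated prompt.
        [object[]] $Job = @(),
        # Hosts you expect on this machine (assumption; empty means nothing is expected).
        [string[]] $ExpectedHost = @()
    )
    $rows = foreach ($j in $Job) {
        foreach ($f in $j.FileList) {
            $uri = $null
            $ok = [uri]::TryCreate([string]$f.RemoteName, [System.UriKind]::Absolute, [ref]$uri)
            [pscustomobject]@{
                Host        = if ($ok) { $uri.Host.ToLowerInvariant() } else { '(unparsed)' }
                Owner       = $j.OwnerAccount
                JobName     = $j.DisplayName
                QueryLength = if ($ok) { $uri.Query.Length } else { 0 }
            }
        }
    }
    $rows | Group-Object -Property Host | ForEach-Object {
        [pscustomobject]@{
            Host           = $_.Name
            Expected       = $ExpectedHost -contains $_.Name
            Files          = $_.Count
            Owners         = ($_.Group.Owner | Sort-Object -Unique) -join ', '
            JobNames       = ($_.Group.JobName | Sort-Object -Unique) -join ', '
            MaxQueryLength = ($_.Group.QueryLength | Measure-Object -Maximum).Maximum
        }
    } | Sort-Object -Property Expected, Host   # unexpected hosts sort first
}

# Constructed sample jobs (not taken from the thread's attachments).
$sample = @(
    [pscustomobject]@{
        DisplayName = 'constructed-job-1'; OwnerAccount = 'PC\user'
        FileList = @([pscustomobject]@{ RemoteName = 'http://unknown-host.example/u/?a=' + ('A' * 900) })
    }
    [pscustomobject]@{
        DisplayName = 'constructed-job-2'; OwnerAccount = 'NT AUTHORITY\SYSTEM'
        FileList = @([pscustomobject]@{ RemoteName = 'https://updates.example.com/pkg/file.cab' })
    }
)
Get-BitsHostSummary -Job $sample -ExpectedHost 'updates.example.com' | Format-Table -AutoSize
```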


  9. Posts : 579
    Windows 10 Home
       #9

    @simrick,

    Great job!! :)


    @AustFisch

    You mentioned having run Malwarebytes Anti-Malware (MBAM). Can you go back to it and attach its Protection log?

    In MBAM, go to: History > Application Logs > Protection Log
    Click Export, and select Text file (.txt)
    Name it and save it to your Desktop.
    Then, please attach it in your reply. Hopefully, it will show some detections.


    Now, let's find out what is in that system...

    Please use the Farbar Recovery Scan Tool Download
    Save the downloaded file to your Desktop.

    [Note: You need to run the version compatible with your system: 32 bit or 64 bit]

    Double-click FRST to run it.
    When the tool opens click Yes to the disclaimer.

    Next, press the Scan button.

    When done, the tool makes a log (FRST.txt) on the Desktop.
    Also, the first time the tool is run, it makes another log: (Addition.txt).

    Please attach both reports in your reply.
    Last edited by cottonball; 02 Feb 2017 at 22:35.


  10. Posts : 9
    Windows
    Thread Starter
       #10

    cottonball said:
    @simrick,

    Great job!! :)


    @AustFisch

    You mentioned having run Malwarebytes Anti-Malware (MBAM). Can you go back to it and attach its Protection log?

    In MBAM, go to: History > Application Logs > Protection Log
    Click Export, and select Text file (.txt)
    Name it and save it to your Desktop.
    Then, please attach it in your reply. Hopefully, it will show some detections.


    Now, let's find out what is in that system...

    Please use the Farbar Recovery Scan Tool Download
    Save the downloaded file to your Desktop.

    [Note: You need to run the version compatible with your system: 32 bit or 64 bit]

    Double-click FRST to run it.
    When the tool opens click Yes to the disclaimer.

    Next, press the Scan button.

    When done, the tool makes a log (FRST.txt) on the Desktop.
    Also, the first time the tool is run, it makes another log: (Addition.txt).

    Please attach both reports in your reply.
    Hey guys,

    Sorry for the late reply. Been busy with school and work the past couple days!

    I've attached the Malwarebytes (malware.txt) and Farbar reports.

    Any clue on how to remove the one you guys have detected in the previous post (domenjob.net)?

    Thanks again for all the help!

    Addition.txt
    FRST.txt
    malware.txt


 
