3

enter image description hereWhen command prompt opens and closes suddenly. It changes proxy settings of Google Chrome and Every browsers present in the system.

and i think because of that my homepage get changed also. It shows adds on my browser.

How can i get the rid of this? It is safe?

the files mentioned in images are recreated after deleting....how to delete them.?

Pravin Durugkar
  • 99
  • 1
  • 10
  • 2
    Sounds like you got some adware?? Search google for "adware removal" or format your computer. These things will slow your computer, serve you ads, track you on internet, give you annoying pop ups – JoakimE Jan 12 '17 at 13:37
  • yes but what about command prompt which pops up...and changes proxy settings of browser – Pravin Durugkar Jan 12 '17 at 13:39
  • you might want to try a piece of software called "hyjack this" it lets you see all of the executables that run on startup and remove the as needed – CaffeineAddiction Jan 12 '17 at 13:52
  • 1
    When does it happen? What OS are you using? This sounds like a batch sctippt is being run to change your proxy settings, is there a chance that your sysadmin is behind it? – TheJulyPlot Jan 12 '17 at 13:53
  • @PravinDurugkar Close your applications. Open the task manager, check your Applications and Processes tabs, do you find anything suspicious? Use this utility https://www.virustotal.com/en/documentation/desktop-applications/virustotal-uploader to manually check the suspicious processes on virus total. You might find the malicious process. – pri Jan 31 '17 at 07:14
  • 2
    Could be duplicated of http://security.stackexchange.com/q/138606/52572 – Andrey Sapegin Feb 01 '17 at 11:21
  • start simple: http://superuser.com/questions/302194/automatically-executing-commands-when-a-command-prompt-is-opened – dandavis Feb 01 '17 at 20:24
  • You may use ProcessMonitor ( https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx ) to track what's going on: next time CLI prompts, you'll see in proc mon what triggered it, and so you can determine whether it's from a wanted or unwanted software, and which one. – Xenos Feb 03 '17 at 17:28
  • Nuke it from orbit: https://security.stackexchange.com/questions/32500/what-is-nuke-it-from-orbit –  Feb 05 '17 at 00:42

6 Answers6

4

This problem can be caused by two things.

The first is browser extensions. I you have installed any extension from any unknown source that may cause changing your home page and showing ads. All you need to do is to remove that extension. If that doesnt solve the problem you may need to uninstall the browser and delete the files in this folder (check all user accounts for this location):

C:\Documents and Settings\*UserName*\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions

Second, if you have malware, adware or whatever you need to find it. See how to find manually a virus malware adware or any infecting file.

Anders
  • 64,406
  • 24
  • 178
  • 215
Rahul Choudhary
  • 106
  • 3
1

If you are sure you have some malware (adware, spyware or whatever). Of course you'll need some malware removal software. Depending of the problem maybe format drive and reinstall is the unique option to get 100% clean. Anyway, try first to remove the malware of your system. Sometimes it works very well.

You didn't specified if you use windows, linux or what O.S. Anyway, I can recommend to you a couple of malware removal software:

Malwarebytes has its free version which has no real time protection to avoid being infected, but free version is able to remove malware once infected like in your case. You can activate a 30 day premium trial if you want real time protection.

Good luck.

OscarAkaElvis
  • 5,185
  • 3
  • 17
  • 48
1

As other users suggested you are very likely is having a virus or malware running, best you can do is to do complete system scan with some good and updated AntiVirus and as you are saying that you are having problem of auto starting of cmd prompt you are likely to have a process which is auto starting on startup of your computer.

You can use msconfig.exe to check what programs will auto start at startup.

Search for msconfig.exe in windows search and remove/disable all suspicious programs.

And also search for startup folder and remove malicious program if found any.

Abhishek Gurjar
  • 198
  • 1
  • 5
1

As many people suggested, you probably got a virus or malware.

This question was already answered here: Help! My home PC has been infected by a virus! What do I do now?

Please just read the accepted answer carefully.

If you do not feel yourself technical enough to perform it by yourself, then go to this answer for non-technical users

However, I will still try to suggest the following steps from my own experience:

1) Turn off your PC and try to scan it using boot CD, e.g.:

Rescue Disk from Kaspersky, available for free (would be my first choice)

List of other free bootable anti-viruses

Download and burn it on another / non-infected computer.

By going this way, you shutdown your OS with any malware/viruses that are there and boot from independent OS with antivirus, which will scan your hard drive for possible issues.

2) If it will find something, try to think about how you got infected. This will be needed later, to prevent getting re-infected through the same vulnerability.

3) If you did not have a backup of your data, copy all your data from the infected PC, after you did a cleanup with boot CD. Do not boot up you OS (Windows) at this step, just connect your hard drive to another PC with updated anti-virus software and copy all the data.

4) Reinstall OS (Windows). Yes, this step is really needed, although not obvious. I also was long time misleadingly thinking, that if I have removed the virus/malware from my PC, the issue is closed. However, you should realise, that after you got a virus/malware, this is NOT YOUR PC anymore. No antivurus could guarantee, that 100% of viruses/malware were found and removed. Maybe you got multiple viruses. Maybe a hacker logged into your PC trough a backdoor and did some custom changes on it. And so on. The only way to be sure it will be clean is to reinstall your OS (Windows).

Please also have a look on this question:

Is making a clean install enough to remove potential malware?

5) Do all software updates. Now you need to analyse the info from the step (3). How the malware got into your PC? Through outdated browser? Then update it, including plugins like Adobe Flash and Shockwave, etc. It was a phishing mail with a link that you followed? Educate yourself with a help of Google, how to recognise phishing. You installed some software from untrusted source? Do not install it again. And so on.

6) Set up a regular automated data backup. There are tools integrated into Windows 7 already, please see official Microsoft web site for more information on it:

https://support.microsoft.com/en-us/help/17127/windows-back-up-restore

7) Continue to regularly perform software updates and regularly educate yourself for IT security.

Community
  • 1
Andrey Sapegin
  • 260
  • 1
  • 2
  • 16
  • `4) Reinstall OS (Windows). Yes, this step is really needed, although not obvious.` I think that's too paranoid for a simple adware. – Rápli András Feb 01 '17 at 11:36
  • 1
    Are you sure it was "simple adware" or "simple adware only"? – Andrey Sapegin Feb 01 '17 at 11:54
  • From the behavior described in the comments, yes. But cmon, this is a 5 years old post. I'm not sure about what I did yesterday. – Rápli András Feb 01 '17 at 12:10
  • i think reinstalling OS will be too much time taking... – Pravin Durugkar Feb 02 '17 at 05:57
  • 1
    if you want to have nearly 0 risk, then you need to reinstall it. This is not only my personal suggestion, but the most upvoted answer from http://security.stackexchange.com/q/138606/52572. So, if you have a malware, it is not your computer anymore. Of course, you can continue using it, if the malware allows it for you. But the only way to guarantee that it is cleaned - is to reinstall OS. – Andrey Sapegin Feb 02 '17 at 09:34
  • 1
    As written in the answer I mentioned, you could remove a malware that is visible due to effects you see (proxy changed, ads, etc.), but also miss to detect another malware - e.g. a keylogger, which can steal your credit card data, Facebook password etc. and silently send it over Internet without showing you any ads. – Andrey Sapegin Feb 02 '17 at 09:35
1

As comments above suggest, you are using Windows.

When command prompt opens and closes suddenly. It changes proxy settings of Google Chrome and Every browsers present in the system.

  1. In Windows create new user with non admin privileges.
  2. Logout from current user and login with newly created user (this will prevent the Maleware from changing the proxy setting).
  3. Install and run Malwarebytes, you will be prompted for admin password.

a. If Malwarebytes detects malicious programs, let it clean them out, then create new admin user that you are going to use in the next login and delete the first one.

b. If Malwarebytes fails to detect potentials malicious programs then you have no choice then to make new Windows install.

Update :
https://www.malwarebytes.com/mwb-download/thankyou/

*If you're downloading from another computer because yours is infected, drag the file onto a USB drive. Copy the file onto the infected computer and double click to run the program.

elsadek
  • 1,782
  • 2
  • 17
  • 53
1

Is it possible that you've got a logon script defined?

For example, my work machine has a logon script defined by the system administrator, which does things like reconnect printers and drives when I'm in the office. This can cause a command popup to appear briefly, and work are always setting my homepage back to the corporate intranet! So not a virus in this case, just a bit annoying.

More information available on Microsoft TechNet.

Rik Lewis
  • 171
  • 1
  • 5