
As the title suggests, after I log in to the default/main account, which has administration privileges, and the desktop loads, almost instantly CMD opens and shuts down the computer. The only way I found to stop it temporarily was to log in to my other account. My question is: can you recognize this virus?

I have been wandering shady Russian sites lately; could it be due to that?

I have no antivirus installed other than Windows Defender.

  • Reboot in safe mode and see if that helps. If it does, look for login autorun scripts in the admin account. You probably do have a virus. – Natanael Feb 17 '19 at 17:41
  • Hello, I was able to pinpoint the virus, called "7king hacker suck". It simply puts itself into the Tasks folder in System32 and runs cmd with a shutdown command after boot. However, what I found interesting was that none of the antiviruses were able to detect it: https://www.virustotal.com/#/file/27e26e77578466a1f93f1a33332893393e176960a5f9fd4295d4515d473a0195/detection It seems to have Russian origin. – Thesnake123 Feb 17 '19 at 20:34
  • I'm voting to close this question as off-topic because although we deal with malware and infection concepts, we are not a malware removal site. – schroeder Aug 02 '19 at 08:07

2 Answers


Since it's not detected by antivirus software:

https://www.virustotal.com/#/file/27e26e77578466a1f93f1a33332893393e176960a5f9fd4295d4515d473a0195/detection

The script runs the command `shutdown -s -t 0`; this is the usual command to shut down the computer after 0 seconds.

To remove it, delete the following if found:

User Startup:
  C:\Users\(username)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk
  C:\Users\(username)\AppData\Roaming\Tempo\DOC001.exe

Registry:
  HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)

Scheduled task:
  7king hacker suck - C:\Windows\system32\cmd.exe /c shutdown -s -t 0
schroeder
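The persistence locations the answer above lists, checked from PowerShell. This is an added example, not part of the original answer or of any tool the page mentions. It is report-only (it deletes nothing), takes the task name, file paths and registry value from the answer, and goes one step further by flagging any scheduled task whose action invokes shutdown, since the task name may differ on another machine. The parent key for 00asw is assumed to be the standard Explorer ShellIconOverlayIdentifiers key, which the answer abbreviates with "..". Run it as the affected administrator account, ideally from Safe Mode.

```powershell
# Added example, not the original answer's code. Report-only: lists the
# persistence entries from the answer so you can confirm them before removal.
# Assumption: the 00asw key lives under the standard Explorer
# ShellIconOverlayIdentifiers key (the answer abbreviates the path with "..").

$findings = @()

# 1. Scheduled task. The answer names it "7king hacker suck" with the action
#    cmd.exe /c shutdown -s -t 0. Also flag any other task that runs shutdown.
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        $cmdline = "$($action.Execute) $($action.Arguments)"
        if ($task.TaskName -eq '7king hacker suck' -or $cmdline -match '\bshutdown\b') {
            $findings += [pscustomobject]@{
                Kind     = 'ScheduledTask'
                Location = "$($task.TaskPath)$($task.TaskName)"
                Detail   = $cmdline
            }
        }
    }
}

# 2. Per-user Startup folder. The answer names explorer.lnk; resolve every
#    shortcut so the real target is visible, not just the .lnk file name.
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
foreach ($item in Get-ChildItem -Path $startup -Force -ErrorAction SilentlyContinue) {
    $target = ''
    if ($item.Extension -eq '.lnk') {
        $shell  = New-Object -ComObject WScript.Shell
        $target = $shell.CreateShortcut($item.FullName).TargetPath
    }
    $findings += [pscustomobject]@{
        Kind     = 'StartupFolder'
        Location = $item.FullName
        Detail   = $target
    }
}

# 3. The dropped executable under %APPDATA%\Tempo. Hash it so the value can be
#    compared with the VirusTotal entry linked in the answer.
$dropper = Join-Path $env:APPDATA 'Tempo\DOC001.exe'
if (Test-Path -LiteralPath $dropper) {
    $hash = (Get-FileHash -LiteralPath $dropper -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Kind     = 'DroppedFile'
        Location = $dropper
        Detail   = "SHA256 $hash"
    }
}

# 4. Shell icon overlay handler "00asw". Follow the CLSID to its InprocServer32
#    so you can see whether the DLL it points at still exists ("(no file)").
$overlayKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw'
if (Test-Path -LiteralPath $overlayKey) {
    $clsid  = (Get-ItemProperty -LiteralPath $overlayKey).'(default)'
    $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
    $dll    = if (Test-Path -LiteralPath $server) { (Get-ItemProperty -LiteralPath $server).'(default)' } else { '' }
    $findings += [pscustomobject]@{
        Kind     = 'ShellIconOverlay'
        Location = $overlayKey
        Detail   = "CLSID $clsid -> $dll"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed persistence entries were found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Once the entries are confirmed, the task is removed with `Unregister-ScheduledTask -TaskName '7king hacker suck' -Confirm:$false`, the files with `Remove-Item`, and the registry value with `Remove-Item` on the key path; keep a copy of DOC001.exe (or at least its hash) before deleting it so the sample can be submitted to an antivirus vendor.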

So, I've had the same problem all day and I've been trying to find out how to remove what's happening. I logged into a spare account that I had previously made with Administrator privileges and got into safe mode. By the looks of it, in safe mode the latest version of Malwarebytes (version 3.8.3 Free) picked the virus up. This has allowed me to log into my computer normally. So what I can suggest is to somehow get into safe mode and run the latest version of Malwarebytes to remove the virus. I hope this helped, even though it's a little late.