Cmd quits after mbam scan and quarantine

0

Recently I scanned the disk with MalwareBytes Anti-Malware and then accepted quarantine of a specific registry key (I don't remember which one that was) which seemed to be related to cmd.exe. After this scan and quarantine, cmd.exe starts, changes the window size to very small and quits in less than a second. Even from PowerShell it does the same, but leaves me in PowerShell, not closing the PowerShell window. I was suspecting some malware, but nothing is found by MBAM. There could be an edit of a registry key related to cmd which MBAM has deleted, and now it is not working properly.

What can I do to fix the problem with cmd.exe?

pbies

Posted 2018-03-29T19:42:12.813

Reputation: 1 633

What version of Windows are you running? Can you boot into the recovery console and run SFC? – Jeff Zeitlin – 2018-03-29T19:47:17.427

Windows 10 Pro x64, version 1709 - 16299.309. SFC didn't find anything wrong. I don't have any restore point. – pbies – 2018-03-29T19:49:02.567

"Quarantine" suggests that it's preserved by MBAM, and can be reviewed (and possibly restored). Have you looked to see what the entry in question was? What else, beside SFC, have you tried to analyze or correct the problem? – Jeff Zeitlin – 2018-03-29T19:52:33.057

If you have reviewed the quarantined entry, what, specifically, was it? – Jeff Zeitlin – 2018-03-29T19:53:20.733

I am out of ideas about what to do. Log from MBAM: PUM.Optional.CMDShell, HKU\S-1-5-21-3182972637-540971354-4033272233-1001\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, Added to quarantine, [6749], [464572],1.0.4528 – pbies – 2018-03-29T19:57:41.480

I've tried delfix and registry cleaner - no luck. I restored the key in registry - no luck either. – pbies – 2018-03-29T20:06:43.383

Answers

0

This was malware named "Sound Mixer", a cryptocurrency miner. Not detected by MalwareBytes Anti-Malware, but detected by MalwareBytes Anti-Rootkit. I've removed the AutoRun key in [HKEY_CURRENT_USER\Software\Microsoft\Command Processor] and now cmd is working fine.

pbies

Posted 2018-03-29T19:42:12.813

Reputation: 1 633

Please don’t use unfamiliar acronyms – Ramhound – 2018-03-30T00:45:36.880
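As an added example (not part of the original question or answer), a read-only PowerShell triage of the two registry locations this thread turns on: the Command Processor AutoRun values, which cmd.exe executes silently on every start (including the cmd that PowerShell spawns, matching the symptom described), and the Winlogon Shell values, one of which MBAM quarantined. It assumes a local PowerShell session on Windows 10; the "Expected" values are my assumptions about a clean system, and the script reports only, it removes nothing.

```powershell
# Added example, not from the original post. Read-only: reports, does not modify.
$checks = @(
    # cmd.exe runs this value on every start; a persistence value here explains
    # a console that opens, resizes and exits immediately.
    @{ Path = 'HKCU:\Software\Microsoft\Command Processor'; Name = 'AutoRun'; Expected = $null },
    @{ Path = 'HKLM:\Software\Microsoft\Command Processor'; Name = 'AutoRun'; Expected = $null },
    # Per-user Winlogon Shell override (the entry MBAM flagged). Assumed absent on
    # a clean system; the machine-wide default under HKLM should be explorer.exe.
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Expected = $null },
    @{ Path = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Expected = 'explorer.exe' }
)

foreach ($c in $checks) {
    $value = $null
    if (Test-Path -LiteralPath $c.Path) {
        # -ErrorAction SilentlyContinue returns $null when the value name is absent.
        $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = $item.($c.Name) }
    }

    # Anything that is present where nothing is expected, or differs from the
    # expected default, is flagged for manual review before any removal.
    $status = 'REVIEW'
    if ($null -eq $value -and $null -eq $c.Expected) { $status = 'OK (absent)' }
    elseif ($value -eq $c.Expected) { $status = 'OK' }

    [pscustomobject]@{
        Location = "$($c.Path)\$($c.Name)"
        Value    = $value
        Status   = $status
    }
}
```

A value under HKCU affects only the current user's profile, which is why a per-user SID appeared in the MBAM log; rerun the script from each affected account.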