
Hi,

 

I was using my computer (was in a game) when suddenly the attached UAC window appeared.

It seemed suspicious so I clicked "No" and the popup appeared again and again.

The only way to get rid of it was to shut down the computer with the case power button.

Does anyone know what the hell this thing is? I didn't find much information besides one site that has a reference to the file and says it is malware...

Btw, on that note, can someone recommend me a good malware cleaner software?

 

Thanks!

20200620_190608.jpg

https://linustechtips.com/topic/1212057-windows-command-processor-suspicious/

Link to post
Share on other sites

this definitely looks sus. use MalwareBytes or BitDefender

PC specs:

Ryzen 9 3900X overclocked to 4.3-4.4 GHz

Corsair H100i platinum

32 GB Trident Z RGB 3200 MHz 14-14-14-34

RTX 2060

MSI MPG X570 Gaming Edge wifi

NZXT H510

Samsung 860 EVO 500GB

2 TB WD hard drive

Corsair RM 750 Watt

ASUS ROG PG248Q 

Razer Ornata Chroma

Razer Firefly 

Razer Deathadder 2013

Logitech G935 Wireless

Link to post
Share on other sites

Boot into safe mode and go to the directory and delete the folders. Also go into task manager and find it in the startup tab.

Link to post
Share on other sites

6 minutes ago, eeeee1 said:

Boot into safe mode and go to the directory and delete the folders. Also go into task manager and find it in the startup tab.

There is no reference to that in the startup tab.

About the folder, I can't delete the "Roaming" folder, of course.

Link to post
Share on other sites

Yeah, it's a virus/malware. It wanted to run Command Prompt to run its own executable. It probably did this workaround to get the Command Prompt icon and bypass SmartScreen, and have the UAC prompt title section show in blue and not red or yellow.

UAC saved your system from being affected. I would delete the file (not Command Prompt, but rather luVsWL.exe), then run Malwarebytes and an antivirus to ensure all is removed, open Task Scheduler, and see if you have any action set to run that program.

Link to post
Share on other sites

16 minutes ago, GoodBytes said:

Yeah, it's a virus/malware. It wanted to run Command Prompt to run its own executable. It probably did this workaround to get the Command Prompt icon and bypass SmartScreen, and have the UAC prompt title section show in blue and not red or yellow.

UAC saved your system from being affected. I would delete the file (not Command Prompt, but rather luVsWL.exe), then run Malwarebytes and an antivirus to ensure all is removed, open Task Scheduler, and see if you have any action set to run that program.

 

The file was present in Task Manager in the details page. I killed it. It was not in the Task Scheduler.

Any idea what it is?

 

PS: I just ran Malwarebytes and it found other threats (what a surprise). But there's no reference to this file, strange...

Link to post
Share on other sites

3 minutes ago, zephirus said:

 

The file was present in Task Manager in the details page. I killed it. It was not in the Task Scheduler.

Any idea what it is?

Ok, great, but check Task Scheduler. Else, you'll return to make a new thread about an error of a missing file that keeps popping up.

Link to post
Share on other sites

2 minutes ago, GoodBytes said:

Ok, great, but check Task Scheduler. Else, you'll return to make a new thread about an error of a missing file that keeps popping up.

There's no reference to it in Task Scheduler.

 

Thanks for the great support, guys. Really appreciate it.

Link to post
Share on other sites

1 minute ago, zephirus said:

There's no reference to it in Task Scheduler.

 

Thanks for the great support, guys. Really appreciate it.

So then, wait, we are not done. It could be hiding in the subfolders or it has an assistant program somewhere on your system. Assuming you did not run Malwarebytes and antivirus that flagged something, you have something that ran that Command Prompt with elevated credentials to run that executable.

Link to post
Share on other sites

4 minutes ago, GoodBytes said:

So then, wait, we are not done. It could be hiding in the subfolders or it has an assistant program somewhere on your system. Assuming you did not run Malwarebytes and antivirus that flagged something, you have something that ran that Command Prompt with elevated credentials to run that executable.

 

My bad!!!

 

Malwarebytes detected the file.

 

image.png.e1bdadb9a566c0d5692e2c937d88a746.png

 

The second line, "Tasks" folder, seems to indicate that it should be something in Task Scheduler.

About Malwarebytes, do you recommend buying this software? I, as the majority of people, don't have a malware software and usually we just regret it when sh*t happens.

Link to post
Share on other sites
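
Added example (not part of any post in this thread): a PowerShell listing of scheduled tasks whose action runs from a user-writable location or goes through a command or script host, which is the pattern discussed above (Command Prompt asked to launch an executable from the "Roaming" folder, with the scanner hit under "Tasks"). The path fragments and the host list are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell so that
# tasks registered by other accounts are listed too.
# Task definitions live under %SystemRoot%\System32\Tasks, which is why a
# scanner hit in a "Tasks" folder points at Task Scheduler.

# Assumption: path fragments treated as user-writable drop locations.
$writableHints = '\AppData\', '\Temp\', '\ProgramData\', '\Users\Public\',
                 '%APPDATA%', '%LOCALAPPDATA%', '%TEMP%'
$writablePattern = ($writableHints | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Assumption: hosts commonly used to launch another file indirectly.
$hostPattern = '(^|\\)(cmd|powershell|pwsh|wscript|cscript|mshta|rundll32)(\.exe)?$'

function Get-ActionFlags {
    param([string]$Execute, [string]$Arguments)
    $flags = @()
    if ("$Execute $Arguments" -match $writablePattern) {
        $flags += 'runs from a user-writable path'
    }
    # Strip surrounding whitespace and quotes before matching the file name.
    if (($Execute.Trim() -replace '^"|"$', '') -match $hostPattern) {
        $flags += 'launched through a script/command host'
    }
    $flags -join '; '
}

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property; skip them.
        if (-not $action.Execute) { continue }
        $why = Get-ActionFlags -Execute $action.Execute -Arguments $action.Arguments
        if ($why) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                State     = $task.State
                Author    = $task.Author
                Execute   = $action.Execute
                Arguments = $action.Arguments
                Why       = $why
            }
        }
    }
}

$findings | Sort-Object Task | Format-List
```

The output is a list of leads to review, not verdicts: several built-in Windows tasks legitimately use these hosts, so check the Execute and Arguments values of each entry before removing anything.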

29 minutes ago, zephirus said:

 

My bad!!!

 

Malwarebytes detected the file.

 

image.png.e1bdadb9a566c0d5692e2c937d88a746.png

 

The second line, "Tasks" folder, seems to indicate that it should be something in Task Scheduler.

Ah! very good! Now you should be happy.

 

29 minutes ago, zephirus said:

About Malwarebytes, do you recommend buying this software? I, as the majority of people, don't have a malware software and usually we just regret it when sh*t happens.

The decision is yours. We are different, and have different needs. For example, I am in a position that I can afford purchasing my software, and have excellent free software that perfectly meets my needs (example: Visual Studio Community Edition and Visual Studio Code). And I do my best to follow safe web practices (experience is also at play here. Don't think I never got fooled in the past). Mixed with the fact that my PC is 11 years old, and really, the cheapest CPU you can get (besides Athlon/Celeron) is actually faster than what I have. I don't have the luxury of running any anti-virus or malware besides the built-in Windows Defender. I do at times run scans of Malwarebytes, but occasionally. So I install it, scan, remove it. But that is me, me personally, with my current situation. Now I do plan to replace my PC once the new CPUs and GPUs are coming up later this year. I can wait, and then and there, I'll see.

Malwarebytes is very good at detecting the latest malware, and there is a free version. Of course, the paying version helps support this great program, and gives you additional features that might interest you. Malwarebytes and Windows Defender might be a great mix for you. I don't know.

Currently, at the moment of writing, malware are the popular choice instead of virus makers (ransomware to be specific). Mostly because: malware are harder to detect as they are software and not a program attached to a file. They are easier to make, and in the case of ransomware, bring in a lot of money, especially when it hits companies, and anyone who doesn't do backups.

Link to post
Share on other sites

9 minutes ago, GoodBytes said:

Ah! very good! Now you should be happy.

 

The decision is yours. We are different, and have different needs. For example, I am in a position that I can afford purchasing my software, and have excellent free software that perfectly meets my needs (example: Visual Studio Community Edition and Visual Studio Code). And I do my best to follow safe web practices (experience is also at play here. Don't think I never got fooled in the past). Mixed with the fact that my PC is 11 years old, and really, the cheapest CPU you can get (besides Athlon/Celeron) is actually faster than what I have. I don't have the luxury of running any anti-virus or malware besides the built-in Windows Defender. I do at times run scans of Malwarebytes, but occasionally. So I install it, scan, remove it. But that is me, me personally, with my current situation. Now I do plan to replace my PC once the new CPUs and GPUs are coming up later this year. I can wait, and then and there, I'll see.

Malwarebytes is very good at detecting the latest malware, and there is a free version. Of course, the paying version helps support this great program, and gives you additional features that might interest you. Malwarebytes and Windows Defender might be a great mix for you. I don't know.

Currently, at the moment of writing, malware are the popular choice instead of virus makers (ransomware to be specific). Mostly because: malware are harder to detect as they are software and not a program attached to a file. They are easier to make, and in the case of ransomware, bring in a lot of money, especially when it hits companies, and anyone who doesn't do backups.

Thanks!

 

I love free and open-source software and I also try to follow safe web practices. I will use this one as I need.

Link to post
Share on other sites

3 hours ago, zephirus said:

There is no reference to that in the startup tab.

About the folder, I can't delete the "Roaming" folder, of course.

no silly don't delete roaming. delete the suspicious file! godspeed on the internet my friend. stay safe online and offline

Link to post
Share on other sites
