There are 4 weird .cmd files starting on startup called simply "q"
Is it... malware? Spyware? I don't know if I should disable it or not. The craziest part is that it does not show in MS Config or Task Manager, or the Powershell:startup folder, only in Glary's. However, the program is not wrong: when I start my laptop from shutdown I see 6 different command prompts open for a second.

UPDATE: What??? It's cmd.exe? After deep research and a scan with VirusTotal I found out it's "cmd.exe". But why is it on startup? Why does it run some weird 5-line-long command? The meaning of this is NOTHING
Hektor Gaming
- Is your computer connected to a domain? Could that be domain-specific logon scripts? – PMF Jul 31 '21 at 18:35
- @PMF No, it's not. – Hektor Gaming Jul 31 '21 at 18:37
- So what is the content of those files? – DavidPostill Jul 31 '21 at 19:05
- @DavidPostill Idk, it's only in this program. I could not find it anywhere, nor the location. I think it's malware – Hektor Gaming Jul 31 '21 at 19:14
- "There are at least 17 locations from where programs can be started." See my answer https://superuser.com/a/1047629/337631. You need to check **all** of them. – DavidPostill Jul 31 '21 at 19:18
- @DavidPostill It's cmd.exe somehow? I scanned my computer and it showed results; it was located somehow in system32, it's like some sort of nickname? Weird enough, it shows as "q.cmd" but the real file name is cmd.exe. It's in fact a copy of cmd.exe; it's located in another folder rather than the folder the real cmd.exe is located in. Impossible! I never had any virus on my laptop – Hektor Gaming Jul 31 '21 at 19:22
1 Answer
It's malware. Here is the summary:
Recording my laptop booting, I found out it was a dumb virus clone of cmd.exe running on startup, trying to delete the full Documents folder, but it does not run as an admin, so it just fails with a permission error. I deleted it and removed it.
Malware came from: a fake program (paint.net). I got it from some weird website; I found out the real site is getpaint.net. I ran it as admin, but I think the developer was dumb. However, I lost all my files in my primary folder. I had a lot of sensitive stuff; at least it was not that bad.
Hektor Gaming
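A check for the situation this thread ends on, a byte-identical copy of cmd.exe launched at startup under another name or from another folder, written as an added example that is not part of the original question or answer. It assumes Windows PowerShell 5.1 or later; `Get-CommandExecutable` is a hypothetical helper name, and the script only sees the Run keys and Startup folders that `Win32_StartupCommand` reports, not scheduled tasks, services or the other autostart locations mentioned in the comments.

```powershell
# Added example: flag startup entries whose target is a copy of cmd.exe
# that lives outside System32 or carries a different file name.

$realCmd  = Join-Path $env:SystemRoot 'System32\cmd.exe'
$realHash = (Get-FileHash -LiteralPath $realCmd -Algorithm SHA256).Hash

function Get-CommandExecutable {            # hypothetical helper name
    param([string]$CommandLine)
    # Expand %VARS%, then take the first token (quoted or unquoted).
    # Unquoted paths containing spaces are not resolved and get skipped.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

$findings = foreach ($entry in Get-CimInstance -ClassName Win32_StartupCommand) {
    $exe = Get-CommandExecutable -CommandLine $entry.Command
    if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }

    $file = Get-Item -LiteralPath $exe
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # Same bytes as the real cmd.exe, but not the real cmd.exe itself.
    if ($hash -eq $realHash -and $file.FullName -ne $realCmd) {
        [pscustomobject]@{
            EntryName        = $entry.Name
            Location         = $entry.Location      # registry key or Startup folder
            User             = $entry.User
            Path             = $file.FullName
            # Name recorded in the PE version resource; it survives a rename.
            OriginalFilename = $file.VersionInfo.OriginalFilename
            Command          = $entry.Command       # full line, including arguments
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No startup entry points at a relocated or renamed copy of cmd.exe.'
}
```

The `Command` field is the part to read closely: a hit shows the arguments the copy is started with, which is where the behaviour of the entry is defined.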