Cmd.exe running at startup, deleting files?

By KateetaK
Apr 1, 2008
  1. Alright, so here's what's going on. I am not great at explaining things so I will do my best. BTW my OS is Windows XP Media Center Edition.

    When I started up my computer today, a box appeared in the upper left-hand corner of my screen that read at the top: C:\Windows\system32\cmd.exe (while nothing else loads, not even the taskbar) and files began to appear in the box running very quickly. They were moving very quickly but I did see that most of the files began with "Deleted Files.." or something to that effect. I closed the box out since this had never happened to me before & I had no idea what was going on.

    Then I opened my browser (Mozilla Firefox) to see if I could check around and see what the problem is and everything was gone from my browser...all of the bookmarks, add-ons, preferences set back to default - as if I had never used it before. After that, I closed the browser and ran an anti-virus scan along with a spyware scan. They did not detect a thing. Actually, when I started up my anti-virus program (AVG) it was as if I had never used that before either.

    I then decided to restart my computer and the same box appeared doing the same thing as before. I immediately shut the window this time. Now my desktop picture isn't there either. I restarted Firefox and saw the same thing happen again - it was reset to default as if I were never there.

    So, this is what the story is so far & I have not restarted since - I came directly to this site to find some help. I would really appreciate any and all help as I would like to resolve this problem as quickly as possible. Thank you for taking the time to read this message. If you need any more information on my problem or anything else I may have missed, please say so and I will supply it. Thanks again, everyone.

  2. woody1191

    woody1191 TS Rookie Posts: 572

    After some research I believe someone my have hacked your system or something may have been downloaded that is hiding it self as the cmd.exe which should be in lower case letters. Is yours showing all lower case letters?

    Also virus scans won't this recognise because files like this are crucial for the Windows OS's to work, these are basically protected by Windows so if deleted they will be automatically be replaced.
    Click on this link to download Hijack This (HJT) which is a software tool used to scan the processes your CPU is doing. Install it and start the scan and save this as a file and upload it. This will show all processes and then me or someone else if they want to help locate the file/s and instruct you on how to delete the files.

    You will have to copy and paste the information in because i think you have to have 5 posts to upload files or links
  3. KateetaK

    KateetaK TS Rookie Topic Starter

    Yes, cmd.exe does appear in all lower case letters.

    I downloaded the program and ran a scan. You say post it but it this information safe for me to post here?

    edit: Nevermind, I see what you're saying. I am going to do this right now and post back.
  4. KateetaK

    KateetaK TS Rookie Topic Starter

    I submitted my log file to a helper site. Thank you very much for your help, I really appreciate it. I will post back if I require any further assistance.
