virus causing command prompt to randomly open and close

Anonymous
2021-09-17T05:31:14+00:00

I recently started seeing my command prompt randomly open and then instantly close again. I was able to get a screenshot of the command prompt window and saw this.

I tried opening my AppData folder and couldn't find anything that looked like that "ftftfbd". I tried reaching the file by putting "D:\AppData\Roaming\ftftfbd" in the Win+R Run window and saw this:

https://pastebin.com/jhtqWFEL

I've also run multiple virus scan programs (Malwarebytes, IObit Advanced SystemCare, Windows Defender, AVG). Malwarebytes found "Generic.Malware/Suspicious, D:\DOWNLOADS\ADOBE INSTALLER [ALL APPS]\ADOBE INSTALLER [ALL APPS]\ACTIVATOR FOR ADOBE [FIXES ISSUES].EXE", quarantined and removed it, but the issue is still ongoing. I'm not sure what to do at this point.

Answer accepted by question author
  1. _AW_ 64,431 Reputation points Volunteer Moderator
    2021-09-17T06:41:20+00:00

    Hi, are you knowingly using the following 2 user.js files in the Firefox profiles?

    D:\AppData\Roaming\Mozilla\Firefox\Profiles\iuhxfcrp.default-release\user.js

    D:\AppData\Roaming\Mozilla\Firefox\Profiles\8deuak9n.default\user.js

    To fix up what FRST found, highlight all the text between the asterisks, then press Ctrl + C to copy it to the clipboard.

    Run FRST as administrator and press the Fix button.

    Your computer will restart to complete the cleaning.

    Post the C:\fixlog.txt and let me know how things are running.

    ***

    Start::

    CreateRestorePoint:

    CloseProcesses:

    Task: {2BE90BD3-6D5A-4146-A659-E9574DD1ACCA} - System32\Tasks\Firefox Default Browser Agent E59E0138DB8C8C27 => D:\AppData\Roaming\ftftfbd [65440 2021-06-10] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION

    VirusTotal: D:\AppData\Roaming\ftftfbd

    VirusTotal: C:\Windows\system32\Drivers\SIVX64.sys

    D:\AppData\Roaming\ftftfbd

    S3 cpuz145; ??\C:\Windows\temp\cpuz145\cpuz145_x64.sys [X]

    D:\AppData\Roaming\icacls.exe

    D:\AppData\Roaming\vfjvabd

    FirewallRules: [TCP Query User{DCC3031C-A5C6-469E-B104-3F3C9EA7F9D8}D:\games\ea games\fifa 21\fifa21.exe] => (Allow) D:\games\ea games\fifa 21\fifa21.exe => No File

    FirewallRules: [UDP Query User{00FE734E-6E2F-4E7C-B89D-C6A2A101D5ED}D:\games\ea games\fifa 21\fifa21.exe] => (Allow) D:\games\ea games\fifa 21\fifa21.exe => No File

    FirewallRules: [{E9A152AA-0F7F-44BA-8731-113E5D9FC17A}] => (Block) D:\games\ea games\fifa 21\fifa21.exe => No File

    FirewallRules: [{549CDB74-42D9-4F45-A578-51A142C1BFB9}] => (Block) D:\games\ea games\fifa 21\fifa21.exe => No File

    FirewallRules: [TCP Query User{F0334071-0AE1-4809-9B31-03AFE9413E54}D:\games\far cry 4\bin\farcry4.exe] => (Allow) D:\games\far cry 4\bin\farcry4.exe => No File

    FirewallRules: [UDP Query User{AE7C583D-7088-4D1A-B10B-554AAAF5A58E}D:\games\far cry 4\bin\farcry4.exe] => (Allow) D:\games\far cry 4\bin\farcry4.exe => No File

    FirewallRules: [{C19863A5-DC96-4642-A8C3-C11220634F0B}] => (Allow) %ProgramFiles%\Java\jre1.8.0_301\bin\java.exe => No File

    FirewallRules: [{234C99B4-3FE2-4083-AE17-05F1FFC50763}] => (Allow) %ProgramFiles%\Java\jre1.8.0_301\bin\javaw.exe => No File

    EmptyTemp:

    End::

    ***

    2 people found this answer helpful.
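
Added example (not from the thread or from FRST): a triage pass over FRST `Task:` lines in the layout shown in the fixlist above, listing the traits that make the `ftftfbd` entry stand out. The three heuristics and the second sample line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Layout of an FRST "Task:" line, taken from the fixlist in the answer above:
# Task: {GUID} - <task path> => <target> [<size> <date>] (<signer>) <==== ATTENTION
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<signer>.*?)\))?(?P<flag> <==== ATTENTION)?$"
)

# The entry from the thread, verbatim.
PAGE_LINE = (r"Task: {2BE90BD3-6D5A-4146-A659-E9574DD1ACCA} - System32\Tasks"
             r"\Firefox Default Browser Agent E59E0138DB8C8C27 => "
             r"D:\AppData\Roaming\ftftfbd [65440 2021-06-10] "
             r"(Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION")

# Constructed sample (not from the thread): a task whose target sits in an install folder.
CONSTRUCTED_LINE = (r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks"
                    r"\Mozilla\Firefox Default Browser Agent 0000000000000000 => "
                    r"C:\Program Files\Mozilla Firefox\default-browser-agent.exe "
                    r"[100000 2021-01-01] (Mozilla Corporation -> Mozilla Corporation)")


def triage(line):
    """Return parsed fields plus reasons for review, or None for non-Task lines."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    target = PureWindowsPath(m["target"])
    name = PureWindowsPath(m["task"]).name
    reasons = []
    # Heuristics below are assumptions for illustration, not FRST's own logic.
    if "appdata" in (p.lower() for p in target.parts):
        reasons.append("target is in user-writable AppData")
    if not target.suffix:
        reasons.append("target has no file extension")
    if "firefox" in name.lower() and "firefox" not in str(target).lower():
        reasons.append("task name claims Firefox but target is not a Firefox path")
    return {"task": name, "target": str(target), "signer": m["signer"],
            "flagged_by_frst": m["flag"] is not None, "reasons": reasons}


if __name__ == "__main__":
    for line in (PAGE_LINE, CONSTRUCTED_LINE, "EmptyTemp:"):
        print(triage(line))
```

The signer field is returned but not used to clear an entry: the task in the thread carries a Microsoft signer and was still marked ATTENTION.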

6 additional answers

  1. _AW_ 64,431 Reputation points Volunteer Moderator
    2021-09-17T05:41:53+00:00

    If you could scan with Farbar Recovery Scan Tool (FRST), and share the logs it creates, I'll help you fix the problem.

    https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    * Note: If you are downloading FRST with Edge, SmartScreen will initially block it.

    Click on the 3 dots next to the warning and select Keep -> Show more -> Keep anyway.

    Run FRST as administrator, use default settings and press Scan. Two logs are created in the folder that FRST is run from. Zip the logs and share on OneDrive, Google Drive or any file sharing service.

  2. Anonymous
    2021-09-17T06:02:28+00:00

    I ran FRST on default settings like you said. Here is the Google Drive link with the zipped logs: https://drive.google.com/file/d/1AJSez9MBTo5_e-jIfQ2gazXbVEg-pOiM/view?usp=sharing

  3. Anonymous
    2021-09-17T07:01:47+00:00

    I copied the text and pressed Fix. I wasn't supposed to put the text anywhere, right? Just copy it? Here is the fixlog: https://drive.google.com/file/d/13hmxGLQi6kU9KivKHjnOL9lv4DqZSnJv/view?usp=sharing

    Also I have no idea what that Firefox thing means. I downloaded Firefox months ago and probably used it twice. I use Brave Browser.

  4. _AW_ 64,431 Reputation points Volunteer Moderator
    2021-09-17T07:08:07+00:00

    How is everything running? FRST seems to have successfully removed everything.
