
Log submission

I am a new user of Sophos and ran the program for the first time. I have a Windows command processor virus. I get a square pop-up every 15 minutes. I ran the program and it identified that I have a trojan. I clicked on the submit log button and I get a failed network error. So the program won't fix the trojan. Do you have any suggestions as to what to do? Can you bypass the submit log and still fix the issue? I am at the "might be time to invest in a new computer" time. Thanks



  • Is this a Windows client or Mac?

    Are you running Sophos Home?

    Regards,

    Jak

  • Windows home computer. Sorry, forgot to include that in my original post. I have just run the scan again and now it says I have no threats. Except the pop-up is still appearing.

  • OK, so a command prompt is shown; in that case you need to know the parent process, i.e. which process launched it.

    Are you able to run Process Explorer when this is on screen?

    If you run Process Explorer, you can make it the top most window before the pop-up if there is an issue with this command prompt "covering it up".

    Regards,

    Jak

  • Well, I took my computer to get looked at by computer techs yesterday and they told me they fixed it. Well, they didn't. I am still getting the pop-up. I have downloaded Process Explorer as you suggested but have never used it before and don't know how it works, and am not sure if I am running it as Administrator.

  • I have this screenshot of something that I am not sure if it is the culprit or not. Under System there is something called Hardware Interrupts and DPCs.

  • If it's still the same as before, i.e. cmd.exe, then you're looking for the cmd.exe process and then the parent of this process.

    If you right click on procexp.exe and choose "Run as administrator" then it will be running as admin.  Optionally you can configure Process Explorer to be the top most window if it's being obscured in any way. This can be set under the "Options" menu, by choosing the "Always On Top" option.

    Next time the cmd.exe window pops up, drag the cross-hairs icon of Process Explorer...

    ...onto the mysterious cmd.exe window and it will highlight cmd.exe in the tree view of processes.  

    You can then see from the tree the parent process of this cmd.exe process, i.e. which process launched it.  What is it?  It may be significant to know the parent of that process as well, all the way up the tree.

    I've just taken a random Process Explorer image from the net below, but for reference it will suffice.  Below you can see that the Explorer.exe process has launched a number of child processes, cmd.exe being one of them.  You can also see that Procexp.exe was launched from that cmd.exe process.  It is this child-parent hierarchy that will hopefully tell you where your cmd.exe process has come from.

    So, given your process tree to work with, one check would be to look at the Properties of the processes in Process Explorer (right click - Properties).  There you can see the Autostart Location value, which could be useful.  I would suggest cross-referencing this with the output of the tool Autoruns [https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns]. This will give you a good way to disable any startup items.

    Another useful option in Process Explorer is to add the "VirusTotal" column. Under the Process menu there is a "Check VirusTotal" option.  This will submit a hash of the file to VirusTotal and will give you a result from a number of vendors.

    Regards,

    Jak

  • To help explain what  is describing in Process Explorer, see this demo...

    Note: In the video, and for demo purposes, it shows Process Explorer finding that the cmd.exe process was run from a scheduled task.

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.
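The two posts above describe the manual procedure: find the cmd.exe process, walk up its parent chain in Process Explorer, check where each image lives and what its hash is (for VirusTotal), then cross-reference the launcher against Autoruns, bearing in mind that the demo video found the cmd.exe coming from a scheduled task. The PowerShell script below is an added example that does the same walk from an elevated prompt; it is not code from this thread, from Sophos or from Sysinternals. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, where `Win32_Process` exposes `ParentProcessId` and `Get-ScheduledTask` is available. The function names `Get-ParentChain` and `Get-CmdLaunchers` are this example's own.

```powershell
# Added example, not code from the thread or from Sophos/Sysinternals.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, run from an
# elevated prompt so that processes in other sessions are visible.

function Get-ParentChain {
    # Walk from one PID up to the root of its process tree, the same
    # relationship Process Explorer draws as its tree view.
    param([Parameter(Mandatory)][int]$ProcessId)

    # Snapshot every process once and index it by PID.
    $byPid = @{}
    Get-CimInstance -ClassName Win32_Process | ForEach-Object { $byPid[[int]$_.ProcessId] = $_ }

    $chain = @()
    $seen = @{}           # guards against cycles if a PID points back at itself
    $current = $ProcessId
    $childStart = $null
    while ($byPid.ContainsKey($current) -and -not $seen.ContainsKey($current)) {
        $seen[$current] = $true
        $p = $byPid[$current]
        $note = ''
        # PIDs are reused: if the "parent" started after its child, the real
        # parent has already exited and this entry is a different process.
        if ($childStart -and $p.CreationDate -gt $childStart) {
            $note = 'started after child: PID reused, real parent exited'
        }
        $hash = $null
        if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
            # SHA-256 of the image on disk, the value you would look up on VirusTotal.
            $hash = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256).Hash
        }
        $chain += [pscustomobject]@{
            Pid = $current; Name = $p.Name; ParentPid = $p.ParentProcessId
            Path = $p.ExecutablePath; CommandLine = $p.CommandLine
            SHA256 = $hash; Note = $note
        }
        $childStart = $p.CreationDate
        $current = [int]$p.ParentProcessId
    }
    return $chain
}

function Get-CmdLaunchers {
    # Two places a recurring cmd.exe commonly comes from: scheduled tasks and
    # the Run/RunOnce keys. Autoruns covers many more locations than this.
    $tasks = Get-ScheduledTask | Where-Object {
        $_.Actions | Where-Object { $_.Execute -match '(?i)cmd(\.exe)?"?$' }
    } | ForEach-Object {
        [pscustomobject]@{
            Source  = "Task $($_.TaskPath)$($_.TaskName)"
            State   = $_.State
            Command = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $run = foreach ($k in $runKeys) {
        if (Test-Path $k) {
            $props = Get-ItemProperty -Path $k
            foreach ($name in $props.PSObject.Properties.Name) {
                if ($name -notmatch '^PS') {            # skip PowerShell's own PSPath etc.
                    $value = "$($props.$name)"
                    if ($value -match '(?i)cmd(\.exe)?') {
                        [pscustomobject]@{ Source = "$k\$name"; State = ''; Command = $value }
                    }
                }
            }
        }
    }
    $results = @()
    if ($tasks) { $results += $tasks }
    if ($run)   { $results += $run }
    return $results
}

# Usage: while the mystery window is on screen, print the chain for every
# live cmd.exe, then the scheduled tasks and Run entries that start cmd.exe.
Get-Process -Name cmd -ErrorAction SilentlyContinue | ForEach-Object {
    "--- cmd.exe PID $($_.Id) ---"
    Get-ParentChain -ProcessId $_.Id |
        Format-Table Pid, Name, ParentPid, Path, CommandLine, SHA256, Note -AutoSize -Wrap
}
Get-CmdLaunchers | Format-Table -AutoSize -Wrap
```

Run it in the fifteen-minute window while the prompt is visible, since a cmd.exe that has already closed leaves nothing to walk. The `Note` column is the caveat Process Explorer also suffers from: a parent that exited before the snapshot shows up as whatever process later reused its PID, so a chain ending in a process that started after its child should not be trusted. A task in the launcher list with a trigger of fifteen minutes is the kind of entry the Autoruns "Scheduled Tasks" tab would show and let you disable.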

  • If a picture is worth a thousand words, then that video is probably around 300,000 - accounting for length and framerate.

    Thanks!

  • To update: I have taken my computer to a computer tech. They ran antivirus programs and did some updates. I was told that they think the problem was gone and I could take my computer home. Hooked up my computer and pop-up immediately. GRR!! Made the decision to buy a new computer. I used Process Explorer and had the extra column for VirusTotal and was able to capture the issue. It said not a virus, and I even right clicked the issue and selected "Kill". Unfortunately this didn't work as the pop-up still appeared. I am a Google Chrome user and like to play Facebook games. I was having an issue with one of my games loading, so I refreshed a few times, but still the game wouldn't load, so I removed the game. Cleared Google Chrome's cache, removed Adobe Flash and ran CCleaner (not sure of the exact order). Then I reloaded Adobe Flash, reloaded my game and amazingly the pop-up is now gone. I still don't know what caused it or what exactly eliminated it, but it is now gone. (Crossing fingers for good, hopefully.) Anything happens again and it's a new computer. Thanks for the suggestions though. Much appreciated.

  • Turns out I was wrong. Pop-up is still there. I honestly didn't see the pop-up for over an hour so I thought the issue was gone, but turned on my computer this morning and pop-up is still there. New computer time.

  • Have you determined the parent process of the process responsible for the popup given the steps in the video?

    I wouldn't take it to the same place you've taken it to before; they clearly have no idea what they are doing.

  • Without knowing more about the process (as jak has mentioned) it's hard to say what is causing the pop-up.  The summary is that your computer (Windows) had a Trojan detected but that's now gone and it's this annoying command prompt that runs every 15 minutes?

    I could start throwing out guesses.  I could suggest it's something about Chrome and maybe Google's own clean-up tool (https://www.google.com/chrome/cleanup-tool/) may help.  However, it's a bit of random guessing.  Another thing to check is what anti-virus software is currently installed.  What Sophos product/version do you have installed, and do you have any other anti-malware software installed (i.e., did you install Sophos because your regular scanning tool wasn't picking up something)?  Again, another guess.

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
