Windows 10: How to fully remove a trojan that hides as "cmd.exe"?

Hello, I am experiencing a issue with my PC that seems to be related to a Trojan infection. My antivirus software has been consistently targeting two specific programs: "cmd.exe". I have tried using Malwarebytes to scan and remove any suspicious folders bot using malwarebytes and manually but nothing is working. I recently downloaded Farbar Recovery Scan tool and scanned my system. Addition.txt and Frst.txt logs are uploaded to one drive and link is dropped here. Any help will be appreciated.file link - 2 ItemsSystem Information:Operating System: Windows 7 professionalSystem Type: 64-bitAnt

:)

 

How to fully remove a trojan that hides as "cmd.exe" and "SearchProtocolHost.exe"?

Hello,



I am experiencing a persistent issue with my PC that seems to be related to a Trojan infection. My antivirus software has been consistently targeting two specific programs: "cmd.exe" and "SearchProtocolHost.exe". Along with this, it detects the download of a series of suspicious files within my public users' folders, including a "b.bat" file, a "Service.exe" file, and a "b.vbs" file. Additionally, a compressed file (.7z) is downloaded into my Local/Temp folder, which then gets extracted automatically.



Despite taking steps to address this malware, including installing and running scans with both Malwarebytes and Avast, the issue persists. It seems that these security solutions have not been able to fully remove the trojan from my system.



Here are some specifics regarding my system and the steps I've already taken:



System Information:

• Operating System: Windows 11
  
• System Type: 64-bit
  
• Antivirus Software: Malwarebytes, Avast
  

Actions Taken:

• Full system scans with Malwarebytes and Avast.
  
• Manual deletion of the suspicious files mentioned above, which temporarily resolves the issue until they reappear every hour.
  

I am seeking guidance on how to completely remove this trojan from my system and ensure my computer's security. Any advice on tools or methods that could effectively eliminate this threat would be greatly appreciated. If there are specific logs or system information that could help in diagnosing and addressing this issue, please let me know how I can access and share them.



Thank you in advance for your assistance.

Here are the screenshots of my antivirus's reports: Question – Google Drive

 

How to fully remove a trojan that hides as "cmd.exe" and "SearchProtocolHost.exe"?

Hi Tanner,

I don't see any active malware at any of the entry points. We need to check one file, which the fixlist.txt will do automatically.

Also, SearchProtocolHost.exe is not the culprit here. When SearchProtocolHost.exe indexes your files, it triggers the on-demand AV scanning when it attempts to index "c:\users\public\documents\b.bat". If b.bat is repeatedly created, we have to investigate further. There is no reference to Service.exe in the logs.

For now, please run the fixlist below.

• Download FixList.txt
  

• Save Fixlist.txt in the same folder where EnglishFRST64.exe is.
  
• Close all program windows.
  

• Launch the Farbar Scanner tool and click "Fix".
  
• Upload the output log file (FixLog.txt) to your OneDrive.
  

 

How to fully remove a trojan that hides as "cmd.exe" and "SearchProtocolHost.exe"?

Please run the Farbar Scanner and share your logs.

• Download Farbar Recovery Scan Tool (FRST64.exe) [See also: Collect Farbar Recovery Scan Tool logs.]
  
• Rename FRST64.exe to EnglishFRST64.exe.
  
• Run the program. Don't check or uncheck any options. Click "Scan".
  
• Upload the two logs, FRST.txt and Addition.txt, to your OneDrive and share the link here.
  

(How-To: Share OneDrive files and folders - Microsoft Support)



Note: If Microsoft Edge or Chrome mislabels the Farbar Scanner executable as PUA/malware, choose to keep it by tapping … in the bottom bar, choosing Keep, and then choosing Keep anyway in the dialog that appears.