Question Virus that anti viruses are failing to remove!

May 20, 2022
3
0
10
This command prompt keeps appearing after I have tried to scan the computer with multiple protection software.

This is the message the command prompt keeps showing: C:\Users\........\AppData\dtjhcr, and the file seems to be hidden in this path and cannot be located even by antiviruses.

I have been struggling with this for almost a year now. I think this virus is somehow more dangerous to Android rather than Windows, since any Android device I connect to the PC gets ill; it will keep restarting until a factory reset is done.

I hope I have provided enough information for anyone to help.

Thank you
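
A read-only check for the symptom described in the post above, as an added example that is not part of the original thread: it lists hidden items matching the name in the message and any autostart entries (Run keys, scheduled tasks, startup commands) that point into AppData. It assumes the recurring window is launched by an autostart entry, which the thread does not establish; the search root and the function name `Find-AutostartReference` are also assumptions.

```powershell
# Added example, not from the thread. It only lists; it changes nothing.
# 'dtjhcr' is the name quoted in the post. The user part of the path is elided
# there, so the current user's AppData folder is assumed as the search root.
$name    = 'dtjhcr'
$root    = Join-Path $env:USERPROFILE 'AppData'
$pattern = 'AppData|' + [regex]::Escape($name)

function Find-AutostartReference {
    param([string]$Pattern)

    # Run/RunOnce values, per-user and machine-wide.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # provider metadata
            if ("$($p.Value)" -match $Pattern) {
                [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }

    # Scheduled tasks whose action runs something matching the pattern.
    foreach ($task in Get-ScheduledTask) {
        foreach ($a in $task.Actions) {
            $cmd = ("{0} {1}" -f $a.Execute, $a.Arguments).Trim()
            if ($cmd -match $Pattern) {
                [pscustomobject]@{ Source = 'ScheduledTask'
                                   Name   = $task.TaskPath + $task.TaskName
                                   Command = $cmd }
            }
        }
    }

    # Startup-folder shortcuts and other entries Windows reports via WMI.
    Get-CimInstance Win32_StartupCommand |
        Where-Object { $_.Command -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{ Source = $_.Location; Name = $_.Name; Command = $_.Command }
        }
}

# Hidden and system items are skipped by default; -Force includes them.
Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like "*$name*" } |
    Select-Object FullName, Attributes, LastWriteTime

Find-AutostartReference -Pattern $pattern | Format-List
```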
 
You mentioned Android, my thought is that it could be part of a device driver package, do you use ADB or fastboot at all?
No, I do not.
It does not have an effect on Windows except the nuisance pop-ups of the command prompt; however, any Android phone I connect to the computer starts acting up until the Android device has to undergo a hard boot.
 

Etrius vanRandr

Prominent
BANNED
May 11, 2022
304
55
520
No, I do not.
It does not have an effect on Windows except the nuisance pop-ups of the command prompt; however, any Android phone I connect to the computer starts acting up until the Android device has to undergo a hard boot.

Does this happen when you connect the phones to other computers, or just this one?

If not, then I suggest you just wipe Windows and reinstall.
 
When you reinstall, make a USB install drive on another computer. I think the following is still up to date:
  • Run BelArc advisor and print out the results. This will list most of the installed programs and many of the keys necessary to reinstall your programs. Verify that all the keys you need are included in the printout.
  • Run a full backup. It is recommended you do so using two different backup devices, just in case. One of the backups should use Windows 7 backup in case of a reinstall problem (go to settings/update and security/backup and click on Go to Backup and Restore (Windows 7)). Also make a restore USB in case you need to reinstall the backup.
  • Create an install USB on another computer. Do this by following the steps at https://www.microsoft.com/en-us/software-download/windows10. Select the option to make media for another computer.
OR
 

Etrius vanRandr

Run BelArc advisor and print out the results.

BelArc is spyware and a keylogger. Has been proven multiple times by many reputable sources.
Run a full backup.

Also extremely pointless in this situation. A backup would contain the virus and be able to infect anything it's connected to.

If OP is using a laptop, a factory reset from the included recovery partition is what he should be doing, not a full system drive wipe.

Edit: wow, bignastyid downvoting actually helpful comments, very acceptable behaviour for a moderator, including the fully private profile.
 
Belarc would be the last thing run before a clean reinstall. No damage will result from a keylogger or spyware. In any case, I've had no issue with the tool and the manufacturer is a large reputable company. Are you sure it was downloaded from the vendor or some random download site?

The purpose for a full backup is in case the user needs to revert back. Perhaps an important file is not recovered (unlikely).

How do you know the factory restore partition is not also infected?

Enough of the "know it all" BS. I won't respond again.
 

Etrius vanRandr

Are you sure it was downloaded from the vendor or some random download site?

I don't make mistakes.

The purpose for a full backup is in case the user needs to revert back. Perhaps an important file is not recovered (unlikely).

And risk infecting another computer?

How do you know the factory restore partition is not also infected?

Because in 99% of cases they are read-only.

Enough of the "know it all" BS. I won't respond again.

Says the guy with the biggest "know it all" attitude on the forum.

There's a difference between acting like you know things and actually knowing them, and a lot of people on this forum act like they know what they're talking about despite knowing very little on the subject.
 

Etrius vanRandr

And please post what info you have about Belarc Advisor. I've not heard anything about it being malicious.

Using Procmon from Sysinternals, you can see it collects a ton of info about your PC and sends your event logs back to HQ. The very early versions that are still distributed by third parties even had a keylogger.

It might be a "legit" program in the way that it does exactly what it says on the tin, but telemetry like that is inexcusable. It collects this info whether you want it to or not.

I've also used procmon to monitor its connected and open ports.
 

Etrius vanRandr

Procmon is processes, not traffic in and out.

Procmon and Procexp are part of the same Sysinternals package.
