[SOLVED] Need help with white window that pops up randomly top left of screen

[TIAlec]

Hi everyone, I'm actually surprised I'm not finding any help for this through Google searching.

I'm on a brand new Lenovo Legion 5 Pro laptop and I've been using it for about a week now, but I can say for certain that about two days ago I have a white cmd type window that seems to pop up randomly (maybe it's at set intervals and I haven't noticed) and flashes on screen for literally about 0.2 seconds then goes away. When it happens, if I am in any full screen game or program it knocks me out to desktop.

I was able to grab it through a screen recording and provide the image below/attached. It seems to point to a location in my AppData/Roaming folder but I don't seem to see anything in there that might help get rid of this. Looks like the end of the window title reads something like "cvtcrjr" or "cvfcrjr"? I can barely make it out.

Please let me know some ideas for possibly getting rid of this, thank you!

 

[COLGeek]

Have you scanned this rig for malware?

 

[TIAlec]

Have you scanned this rig for malware?

I have scanned a few times with Windows Defender antivirus only and it is in fact giving results of .exe files in my AppData/Local/Temp folder for example.

Ran it before posting this and showed me this
Detected: Trojan:Win32/AgentTesla!ml
Status: Removed
Affected Items:
file: C:\Users\leo11\AppData\Local\Temp\6EFB.exe
file: C:\Users\leo11\AppData\Local\Temp\9218.exe
file: C:\Users\leo11\AppData\Local\Temp\Setup4.exe

I figured something found like what's above is good news, but the pop up at least is still happening. 😓

 

[COLGeek]

Scan with Malwarebytes. Removed all identified threats.

https://www.malwarebytes.com/mwb-download

 

[Nemesia]

Download Malwarebytes - https://www.malwarebytes.com/mwb-download/thankyou-5635-variation-2

Start a scan with that. Remove any threats.

You can do a Windows Defender "Offline Scan" too.

 

[TIAlec]

Thank you both, installed Malwarebytes and it detected the four files below. It only allowed me to quarantine at the time of scan completion, I can go back in and delete as well. Is quarantine enough or do I delete, do I do anything else at the moment? I haven't seen the pop up yet but may just be coincidence at the moment...I hope it's gone of course.

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 298068
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 0 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
File: 4
Trojan.Downloader, C:\USERS\LEO11\APPDATA\LOCAL\TEMP\5AB7.EXE, Quarantined, 540, 958953, 1.0.43376, 1C69B0FF121223A3F8E953C2, dds, 01344209, 5D4FE3E7D0F45647E81618174AF529DA, 443B086F4765F277568EAADC0DB7445E36A63D65755D60D1FACF613CE55E2155
Spyware.AgentTesla, C:\USERS\LEO11\APPDATA\LOCAL\LICENSE\ONSE.EXE, Quarantined, 524, 932069, 1.0.43376, 17F67A0A18FCEA8BED6C325D, dds, 01344209, 7BC69F6FAC0D853781B1A72CBA8C770F, 0D2C9B94A19E43C0A017A18C4E386F3A2BB5BDC82D1D8FD69F9864B41B7B7B28
Trojan.Downloader, C:\USERS\LEO11\APPDATA\LOCAL\TEMP\MSI90F1.TMP, Quarantined, 540, 939219, 1.0.43376, 603C3B0B4216587476FAC480, dds, 01344209, D300E84764270BB3DB881C1C0FB7425C, 6E2CCA1A24AE47BB636BC279302C99602C4EB2FA9EB5669883CAFA68AA6953C8
Trojan.Downloader, C:\WINDOWS\INSTALLER\58597577.MSI, Quarantined, 540, 939219, 1.0.43376, , ame, , C39E2404C20C9805D2619C0C8033A5A5, B99D5598E3F50A9F76F41BA358AC974883BBB54BDA8294DA2A7864DB1B63BBE4

 

[Nemesia]

Reboot and rescan a few time until it does not find anything.

The only real way to know your PC is fine is to wipe everything and reinstall Windows but you should be fine if you don't see the pop up again.

Scan your PC often with both (Malwarebytes - Defender)

 

[COLGeek]

After quarantining files, you should also remove them.

 

[TIAlec]

Thank you both for your quick and continued help here. I've been repeatedly restarting and rescanning with Malwarebytes since I last replied in here. It's been finding something with each scan (different malware/virus in different location each time).

I'm running a scan right now again, and although it says 0 detections when previously it would've said something by now, I still see the pop up happening. This time the pop up window that briefly appears seems to be a black background window with a lot of wording in it, but I haven't tried to video grab it yet.

I suppose like mentioned the only real way to fix all this is reinstall Windows. 😓

 

[Nemesia]

Yes. You have no idea what that virus is doing. Some of them is not easy to remove and even if you do you can't be sure it's still not there doing stuff.

I would backup important files and reinstall Windows by wiping the drive clean.