Something to reverse this .bat file loop...

Chitran101

Prominent
Jun 26, 2017
So I created a .bat file with the following for... reasons... and ran it

@echo off
taskkill /f /im explorer.exe
start explorer.exe
exit


As a result, now whenever I start up my PC there is a black screen with no GUI at startup along with a command prompt, so I'm annoyingly having to type in explorer.exe every time... Anything to reverse this stupid loop that I created?
 
You can start cmd.exe or powershell.exe as an admin, then run
ren taskkill.exe tkill.exe

(This just renames the taskkill command so it will not be found by your bat file.)

Then the batch file will not find the taskkill.exe command.
Better to find out where the batch file is running from and remove it. Running from startup? From Task Scheduler? Stored in the registry?

Download Autoruns from here:
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Select the Logon tab and see if you can see where the .bat or .cmd file is being run from.
Then you can delete the entry if you find it.
Otherwise you will have to search the hard drive for the file, or use regedit and search the registry for the filename.


 

Chitran101

Prominent
Jun 26, 2017

I named the file remove.bat, searched for it throughout the hard drive and the registry, turned up nothing, used Autoruns and searched everything and it turned up nothing, although explorer.exe is present as a startup program, but I guess it doesn't matter because that .bat file is a ghost that is scaring the shit out of explorer... Trying to rename the command with cmd admin just says access denied, and powershell says that "taskkill" doesn't even exist.
 
You have to start cmd.exe as an admin, or start powershell.exe as an admin and then run
start cmd.exe
Then in the command box do
cd c:\windows\system32
dir taskkill.exe
ren taskkill.exe tkill.exe

 

Chitran101

Prominent
Jun 26, 2017

I still don't have access, man.
 

Chitran101

Prominent
Jun 26, 2017

0 objects named remove.bat, although I'm not surprised; I deleted the .bat as soon as I ran it.
 
If you don't have admin privileges you cannot run the command at an elevated level.
If you can start a cmd.exe (it does not have to be elevated for the following commands)
then run
net.exe /user (this will show the names of the users for the machine)
whoami.exe (this will show the name you are logged in as)
net.exe /localgroup administrators (this will show the names of accounts that have admin rights)

 

Chitran101

Prominent
Jun 26, 2017

I am definitely not an administrator according to cmd.
 
If you cannot open an elevated cmd prompt or powershell as an admin
https://www.lifewire.com/how-to-open-an-elevated-command-prompt-2618088

then you would have to have your admin make the changes for you.

 

Chitran101

Prominent
Jun 26, 2017

And who might that admin be at my home computer?
 
Most likely you. But you are not correctly opening an elevated command prompt. The default is to open it NOT as an admin.

I gave you the commands that would tell you who the admins of the computer were.

 

Chitran101

Prominent
Jun 26, 2017

I did open the elevated command prompt, access is still denied...

 
Time for a clean install.

https://www.tomshardware.com/news/how-to-do-clean-installation-windows-10,36160.html

Funny thing is, I tried your batch file and all it does, and all it should do, is stop explorer and restart it, which it does in all my VMs, and none of them exhibit this malware behavior you are getting. Simply put, you are infected pretty deep, and they cut you off from permissions.

CLEAN INSTALL is the final fix. You could also try creating another user and logging in as that user; if it doesn't have the problem, it's your profile that is jacked.
 
Sorry, I may have given you the incorrect syntax for the command.
Try the command without the / character.

Open the elevated cmd.exe

net.exe user
net.exe localgroup administrators

They should run even if not elevated.
Please show the results.

 

Chitran101

Prominent
Jun 26, 2017

Yeah, I figured that out before... but here you go
https://drive.google.com/open?id=1EmaUzH2xzS9IwTirxP9Mudl9uTteWaz1
 
OK, the user is an admin, so the problem is that you do not have ownership of the file.
The file is owned by the system.

Use Explorer, navigate to c:\windows\system32
Find the file taskkill.exe
Right mouse click, select Properties, find the Security tab
and then you can deny execute rights so it cannot be run.

Better to find out where it is being run from using Autoruns and disable it.
https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Maybe it will show up; it shows all of the automatic run points.
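The "find out where it is being run from" step suggested above (and in the first reply) can also be done without Autoruns. The script below is an added example, not posted by anyone in this thread: it does a read-only sweep of the usual autorun locations (Run/RunOnce keys, the Winlogon Shell value, the Startup folders and scheduled tasks) and flags any command line that mentions a .bat/.cmd file or taskkill. It assumes an elevated PowerShell on Windows 8 or later (for Get-ScheduledTask); the match pattern is my own choice.

```powershell
# Added example: read-only sweep of common Windows autorun locations, flagging any
# entry whose command mentions a .bat/.cmd file or taskkill. Run from an elevated
# PowerShell so the HKLM keys and every scheduled task are readable.
$pattern = '\.(bat|cmd)\b|taskkill'   # assumed "suspicious" pattern for this thread

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Run/RunOnce: each value name is one entry, the value data is its command line
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }      # drop PSPath, PSDrive, etc.
    foreach ($p in $props) {
        $flag = if ("$($p.Value)" -match $pattern) { '   <-- CHECK' } else { '' }
        "{0}\{1} = {2}{3}" -f $key, $p.Name, $p.Value, $flag
    }
}

# Winlogon: Shell is normally exactly 'explorer.exe'. If it has been changed,
# the logon ends at whatever program is named here instead of the desktop.
$wl = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
"Winlogon Shell    = $($wl.Shell)"
"Winlogon Userinit = $($wl.Userinit)"

# Startup folders for the current user and for all users
$folders = @([Environment]::GetFolderPath('Startup'),
             [Environment]::GetFolderPath('CommonStartup'))
Get-ChildItem -Path $folders -Force -ErrorAction SilentlyContinue |
    ForEach-Object { "Startup folder: {0}  (modified {1})" -f $_.FullName, $_.LastWriteTime }

# Scheduled tasks whose action command line matches the pattern
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $pattern) {
            "Task {0}{1}: {2}" -f $task.TaskPath, $task.TaskName, $cmd
        }
    }
}
```

Anything marked CHECK, or a Winlogon Shell value other than explorer.exe, is the entry to look at; the script changes nothing, so the fix is still to remove or disable that entry by hand.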