random powershell command


  1. Posts : 3
    windows 10 22H2
       #1

    random powershell command


    Hello everyone,

    I was wondering what could be doing this behaviour.
    From time to time a random PowerShell console window briefly flashes and in the logs I find this command. How do I find a task that is running this command?
    Windows 10 22H2 19045.3208
    Thank you

    "Host Application: powershell.exe -ExecutionPolicy Restricted -Command $Res = 0; $Infs = Get-Item -Path ($env:WinDir + '\inf\*.inf'); foreach ($Inf in $Infs) { $Data = Get-Content $Inf.FullName; if ($Data -match '\[defaultinstall.nt(amd64|arm|arm64|x86)\]') { $Res = 1; break; } } Write-Host 'Final result:', $Res;"
    then the result is
    Final result: 1

    followed by
    PS>$global:?
    True


  2. Posts : 1,338
    Windows 10
       #2

    You need to audit PowerShell. It's too involved to type out because it's 7am here and it is a lot to go through.

    Just do some research.
    auditing powershell at DuckDuckGo


  3. Posts : 3,013
    Windows 10 Pro for the Bro
       #3

    Check out:
    Reddit - Dive into anything

    Take a quick skim through the whole thing, then look at the last post.

    We'd have to figure out how to disable that command from running in your computer. Maybe located in the Task Scheduler. Most likely don't need to reinstall the computer if we can find it.


  4. Posts : 17,049
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #4

    Note the time it ran,
    Open Task scheduler as Admin,
    Select Task scheduler [Local] - This is normally what it shows when it starts,
    Look through the central Task status section to see if a particular task ran at that time.


    Denis


  5. Posts : 1,630
    win10 home
       #5

    In PowerShell [admin], run --- dism /online /cleanup-image /restorehealth --- and when completed then run --- sfc /scannow --- until a clean report is given.
    This should ensure the system files are functioning correctly and see if that eliminates the problem.


  6. Posts : 43,392
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #6

    This seems to be accessing your list of .inf files - driver-related - in C:\Windows\INF

    At a more basic trial and error level - perform a clean boot (Google or see relevant tutorial if unsure how) and see if it recurs.

    If it does not recur, it's related to one of the items now disabled.

    You can progressively enable those and determine which it might be related to. You'd be looking for something unusual.

    If it still recurs, you can disable more.

    Autoruns (free from MS) gives a comprehensive view of all things starting - check box disable - including scheduled tasks (referred to above).

    Remember - you're probably looking for something uncommon.

    Is there any periodicity in its occurrence - e.g. hourly?
    When did this start happening?
    What happened before that?


  7. Posts : 1,204
    11 Home
       #7

    Press Win+R and paste the following command:
    Code:
    cmd /k @title Tasks &for /f "delims=" %a in ('powershell -c "Get-ScheduledTask |foreach {$a=($_.Actions |select Execute,Arguments |ft -HideTableHeaders |Out-String -Width 4096).Trim();If($a.length -gt 0){$_.TaskPath;$_.TaskName;$a;' '}}"')do @echo.%a
    Press Enter. This will give you an overview of tasks in Task Scheduler that have defined Actions to run a program/script, i.e., Actions that are similar to this example:

      My Computers
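
The time check from post #4 combined with the action listing from post #7, as an added PowerShell example that is not from any poster in the thread. `$SeenAt`, `$WindowMinutes` and `$Needle` are assumed names, and the timestamp is a constructed placeholder to be replaced with the time of the PowerShell log entry.

```powershell
# Added example: correlate a logged PowerShell launch with scheduled tasks.
# Run from an elevated PowerShell prompt so that all tasks are visible.
$SeenAt        = Get-Date '2024-01-01 12:00:00'  # constructed placeholder time
$WindowMinutes = 5                               # assumed tolerance around $SeenAt
$Needle        = 'defaultinstall'                # fragment of the logged command

$rows = foreach ($task in Get-ScheduledTask) {
    $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; COM handler actions do not.
        if ($action.CimClass.CimClassName -ne 'MSFT_TaskExecAction') { continue }
        $cmdLine = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()

        # LastRunTime holds only the most recent run, so check soon after the flash.
        $nearTime = $false
        if ($info -and $info.LastRunTime) {
            $delta    = [math]::Abs(($info.LastRunTime - $SeenAt).TotalMinutes)
            $nearTime = $delta -le $WindowMinutes
        }

        [pscustomobject]@{
            Task        = $task.TaskPath + $task.TaskName
            RunAs       = $task.Principal.UserId
            LastRunTime = if ($info) { $info.LastRunTime } else { $null }
            NearTime    = $nearTime
            CallsShell  = $cmdLine -match 'powershell|pwsh|cmd\.exe|wscript|cscript'
            # The needle only matches when the task itself carries the command;
            # a task that starts a program which then spawns PowerShell will not.
            HasNeedle   = $cmdLine -match [regex]::Escape($Needle)
            CommandLine = $cmdLine
        }
    }
}

# Show tasks that ran close to the observed time or carry the logged fragment.
$rows |
    Where-Object { $_.NearTime -or $_.HasNeedle } |
    Sort-Object LastRunTime -Descending |
    Format-List
```

A task flagged only by `NearTime` is a candidate, not a confirmation: compare its `CommandLine` and `RunAs` with what the PowerShell log shows before disabling anything.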


  8. Posts : 43,392
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #8

    Or (assuming it is indeed run as a scheduled task - for which we have no definite evidence and we don't know its periodicity) you could use TaskSchedulerView (free) which presents all tasks as a searchable linear list, with multiple columns.

    You can organise the displayed tasks by clicking the numerous column headers.


  9. Posts : 1,204
    11 Home
       #9

    dalchina said:
    for which we have no definite evidence
    As a matter of fact, the evidence is more than definitive enough for me:
    https://answers.microsoft.com/en-us/...c-35a425e28832


  10. Posts : 43,392
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #10

    If you can deduce that it is, from this post, I would appreciate your displaying the logic of that conclusion please.

    You have now added evidence which was not available.

    But we have provided the tools.

    Thanks.


 
