C:\Windows\System32\cmd.exe


  1. Posts : 270
    Windows 10
       #1

    C:\Windows\System32\cmd.exe


    On Aug 24 when I booted my laptop I got this pop up (see attached). I just clicked on OK and ignored it.

    However since then I've gotten several pop ups re this item and in Googling it, I find it could possibly be some kind of malware. This is what I found:
    "Please note that this infection is an Alternate Data Stream file attached to the legitimate C:\Windows\System32\ folder. Do not delete the C:\Windows\System32\ folder as Windows will not operate correctly without it. "

    Do I need to deal with this, and if so, how?C:\Windows\System32\cmd.exe-info-box.jpg
      My Computers

  2. Caledon Ken's Avatar
    Posts : 24,184
    Windows 10 Pro x64 Version 2004
       #2

    Hi Nikilet.

    Did you install WinPatrol ? It appears it has a section called Scotty that monitors Startup programs and it appears to be telling you something change.

    17.3.6943.0625 when searched shows all kinds of hits on Microsoft's Onedrive. Did you uninstall it recently or disable it from starting with Windows? It appears to have been updated recently.

    I would ensure I had a complete backup of my data created off machine, job one. I would even consider creating an Image with a tool like Macrium Reflect so you can at least return to this point.

    Then you could try something like Adwcleaner from Malwarebytes to scan.


    Ken
      My Computer


  3. Posts : 270
    Windows 10
    Thread Starter
       #3

    Thank you, Ken. I do have Macrium which backs up to an external hard drive. I did mess around with OneDrive recently.

    Apparently you don't really feel it is some kind of malware (?) so I guess I will just let this go unless something else happens.
      My Computers

  4. Caledon Ken's Avatar
    Posts : 24,184
    Windows 10 Pro x64 Version 2004
       #4

    Sorry I can't be 100% sure. You didn't say, did you install WinPatrol?

    It does line up, that is the OneDrive mentioned on the Web and then you making changes. If you have a Macrium backup I think you could run the AdwCleaner. Just make sure your data is also backed up
      My Computer

  5. Samuria's Avatar
    Posts : 6,037
    windows 10
       #5

    One drive often runs a CMD to delete all files in one drive then another to update its normal allow it
      My Computer

  6. lx07's Avatar
    Posts : 5,479
    2004
       #6

    Samuria said:
    One drive often runs a CMD to delete all files in one drive then another to update its normal allow it
    No, it runs it from %localappdata% not system32.

    It doesn't assume full authority.
      My Computer


  7. Posts : 270
    Windows 10
    Thread Starter
       #7

    Yes, I do have WinPatrol Plus. I've had it for years.
      My Computers

  8. swarfega's Avatar
    Posts : 7,086
    Windows 10 Pro 64-bit
       #8

    I used to use Winpatrol for years until it was bought out and regular updates stopped.

    Make sure you have the latest version of it if you must keep it installed.

    I saw this link while I was searching: winpatrol asks permission windows command processor on windows 10 - Virus, Trojan, Spyware, and Malware Removal Logs
      My Computers

  9. Gordon7's Avatar
    Posts : 182
    Win 10 rs1 - build 14393.1944
       #9

    OneDrive was updated on august 24. on my System. I always have Task Manager open in Performance tab when I'm
    connected to the web. That way I can easily see what's get downloaded. When I notice something, I open the Perfomance
    Monitor on Network tab and there I see who or what is downloading.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 13:14.
Find Us




Windows 10 Forums