C:\Windows\System32\cmd.exe


  1. Nikilet
    Posts : 274
    Windows 10
       New #1

    C:\Windows\System32\cmd.exe


    On Aug 24 when I booted my laptop I got this pop up (see attached). I just clicked on OK and ignored it.

    However since then I've gotten several pop ups re this item and in Googling it, I find it could possibly be some kind of malware. This is what I found:
    "Please note that this infection is an Alternate Data Stream file attached to the legitimate C:\Windows\System32\ folder. Do not delete the C:\Windows\System32\ folder as Windows will not operate correctly without it. "

    Do I need to deal with this, and if so, how?C:\Windows\System32\cmd.exe-info-box.jpg
      My Computers
    Quote Quote

  3. Caledon Ken
    Posts : 30,178
    Windows 11 Pro x64 Version 23H2
       New #2

    Hi Nikilet.

    Did you install WinPatrol ? It appears it has a section called Scotty that monitors Startup programs and it appears to be telling you something change.

    17.3.6943.0625 when searched shows all kinds of hits on Microsoft's Onedrive. Did you uninstall it recently or disable it from starting with Windows? It appears to have been updated recently.

    I would ensure I had a complete backup of my data created off machine, job one. I would even consider creating an Image with a tool like Macrium Reflect so you can at least return to this point.

    Then you could try something like Adwcleaner from Malwarebytes to scan.


    Ken
      My Computer
    Quote Quote

  4. Nikilet
    Posts : 274
    Windows 10
    Thread Starter
       New #3

    Thank you, Ken. I do have Macrium which backs up to an external hard drive. I did mess around with OneDrive recently.

    Apparently you don't really feel it is some kind of malware (?) so I guess I will just let this go unless something else happens.
      My Computers
    Quote Quote

  6. Caledon Ken
    Posts : 30,178
    Windows 11 Pro x64 Version 23H2
       New #4

    Sorry I can't be 100% sure. You didn't say, did you install WinPatrol?

    It does line up, that is the OneDrive mentioned on the Web and then you making changes. If you have a Macrium backup I think you could run the AdwCleaner. Just make sure your data is also backed up
      My Computer
    Quote Quote

  7. Samuria
    Posts : 8,103
    windows 10
       New #5

    One drive often runs a CMD to delete all files in one drive then another to update its normal allow it
      My Computer
    Quote Quote

  8. lx07
    Posts : 5,478
    2004
       New #6

    Samuria said:
    One drive often runs a CMD to delete all files in one drive then another to update its normal allow it
    No, it runs it from %localappdata% not system32.

    It doesn't assume full authority.
      My Computer
    Quote Quote

  9. Nikilet
    Posts : 274
    Windows 10
    Thread Starter
       New #7

    Yes, I do have WinPatrol Plus. I've had it for years.
      My Computers
    Quote Quote

  10. swarfega
    Posts : 7,254
    Windows 10 Pro 64-bit
       New #8

    I used to use Winpatrol for years until it was bought out and regular updates stopped.

    Make sure you have the latest version of it if you must keep it installed.

    I saw this link while I was searching: winpatrol asks permission windows command processor on windows 10 - Virus, Trojan, Spyware, and Malware Removal Logs
      My Computers
    Quote Quote

  12. Gordon7
    Posts : 182
    Win 10 rs1 - build 14393.1944
       New #9

    OneDrive was updated on august 24. on my System. I always have Task Manager open in Performance tab when I'm
    connected to the web. That way I can easily see what's get downloaded. When I notice something, I open the Perfomance
    Monitor on Network tab and there I see who or what is downloading.
      My Computer
    Quote Quote

 

  Related Discussions
Each time I start up my Windows 10 laptop I get a small page headed "Desktop-Notebook" followed by a display that reads "LocalizedResourceName=@%SystemRoot%\system32\windows.storage.dll,-21826" Have Googled this sentence and tried one suggestion...
So info on this on google is a bit all over the place. The name (and some stuff ive read) implies its as it says. A backup of tasks from a prior version of windows. Almost like a restore. Is this a folder I can delete or do those tasks...
What is the function of the folder c:\windows\system32\wbem? I'm trying to expunge HP Sure Click which was installed on my new laptop. I uninstalled Sure Click but the Sure Click Chrome Extension remained and was greyed out so nothing could be...
C:\windows\system32\nvscap64.dll
in Windows Updates and Activation

running windows 10pro vers1511 on my pc os build 10586.589, prod id 00330-80000-00000, each startup this message appears, could not find C:\windows\system32\nvspcap64.dll, what's wrong?:sick:
Every startup I get a command prompt window running reg.exe. There's nothing in my startup folder with reg.exe Noting in the usual registry start up locations with reg.exe Nothing in msconfig with reg.exe Anyone know why it's doing this?
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 12:58.
Find Us




Windows 10 Forums