Is My Computer Infected?
May 2, 2016 9:03 PM

Today, I was on my Windows laptop and a command prompt window opened, which changed from red text to green text really quickly, almost too quickly to catch. I wiped and re-installed Windows, and now, the same command prompt popped up again! Screenshot: here. Is my computer infected? How can this be with a full wipe and re-install?
posted by xingcat to Computers & Internet (7 answers total) 2 users marked this as a favorite
 
Are you running 64-bit Windows?
posted by museum of fire ants at 9:12 PM on May 2, 2016


Does this help?


http://answers.microsoft.com/en-us/windows/forum/windows_vista-files/wow6432nodemissing/718c459a-6865-482f-9a4d-fe7f06336cd1?auth=1
posted by museum of fire ants at 9:13 PM on May 2, 2016


That location in the Registry, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, is a spot where stuff can be set to run at startup.

Whatever version of Windows you're running, go to Start -> Run "msconfig" (doing the "Run" bit may be optional). Click the Startup tab. If you're on Win10, you'll be referred to the Task Manager (Ctrl-Shift-Esc will open it, and select startup).

Disable anything you're not familiar with. Then get Spybot (accept no substitutes with similar names!) -- free version is fine. Get it updated fully, and then run it.
posted by Sunburnt at 9:14 PM on May 2, 2016 [1 favorite]
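
An added example, not part of any answer in this thread: a read-only PowerShell listing of the Run key named above, in both the 64-bit and the 32-bit (WOW6432Node) registry views, with the Authenticode signature of each program it launches. Including HKCU and the RunOnce keys goes beyond the single key mentioned, and the function name `Resolve-AutostartTarget` is an assumption made for this example.

```powershell
# Added example, not from the thread. Read-only: lists autostart entries, changes nothing.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($view in 'Software', 'Software\WOW6432Node') {   # 64-bit and 32-bit registry views
        foreach ($leaf in 'Run', 'RunOnce') {
            "$hive\$view\Microsoft\Windows\CurrentVersion\$leaf"
        }
    }
}

# Hypothetical helper: pull the program path out of a Run-key command line.
function Resolve-AutostartTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { $path = $Matches[1] }                      # "C:\Program Files\x.exe" /arg
    elseif ($cmd -match '^(.+?\.(exe|com|bat|cmd))(\s|$)') { $path = $Matches[1] }  # unquoted path with spaces
    else { $path = ($cmd -split '\s+')[0] }
    if ($path -and -not [IO.Path]::IsPathRooted($path)) {
        # Bare names such as rundll32.exe are looked up on PATH.
        $found = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($found) { $path = $found.Path }
    }
    return $path
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }       # not every view exists on every install
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (-not $command) { continue }
        $target = Resolve-AutostartTarget -Command $command
        $sig = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $target
        }
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Status  = if ($sig) { $sig.Status.ToString() } else { 'TargetNotFound' }
            Signer  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}
$report | Sort-Object Status, Key | Format-List
```

A `Valid` status with a vendor as signer is consistent with an OEM updater; `NotSigned` and `TargetNotFound` entries are the ones to look up first.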


Best answer: My guess is that your laptop is a Lenovo, and it's just updating (albeit poorly) system components. Scanning won't hurt though.

Here's someone else who's noticed the same thing:
Question: Was this a hacking attempt or normal?
This thread suggests 2DCC613D-E94E-4BA6-9642-77C4CA45DB7B is an HKLM registry key for Lenovo MultiMode.
posted by zamboni at 9:20 PM on May 2, 2016 [1 favorite]


"Autoruns" is the best tool for looking at auto-startups in Windows.

But it's sufficiently powerful (it shows you everything) so that you can hose your Windows install with it if you're careless.
posted by Chocolate Pickle at 9:28 PM on May 2, 2016 [1 favorite]


Best answer: "How can this be with a full wipe and re-install?"

OEM bloatware included in the re-installation image.

That, plus the fact that Windows has the worst update process ever devised, meaning that everybody and their dog implements their own update process for their own stuff, and some of them come close to proving me wrong about Windows having the worst one.

You might want your next nuke-and-pave to use an official Microsoft setup disc instead of whatever broken crap Lenovo has handed you. The SHA1 hash for the latest available official .iso image for 64-bit Windows 10 Home or Professional is B57921DDF4672C101F312AA66DD481350035D7E9 and if you Google that value you will find any number of download sources, from official to fully dodgy. It doesn't matter where you get it from as long as it matches that hash - if that's the case, you can be 100% certain it hasn't been tampered with.

Grab a copy of the product key from your current Windows installation before going the nuke-and-pave, just in case the generic setup program fails for some reason to detect the one embedded in your laptop firmware.
posted by flabdablet at 5:17 AM on May 3, 2016 [2 favorites]


Response by poster: Thanks, everyone. It appears to definitely be some sort of Lenovo bloatware, and I've been able to fix it. It's very disturbing when admin boxes just pop up like that, especially to someone like me, who tries never to download anything extra.
posted by xingcat at 5:39 AM on May 3, 2016 [1 favorite]

