Virus/spyware/hijacking? How to investigate this strange Win10 thing?
November 9, 2022 2:22 AM   Subscribe

Whenever I start / restart my Win10 desktop PC, I see a quick flash of 2 boxes, those black boxes like when running a batch file or windows commands in DOS.

They show up right when the desktop is just coming on. They flash so quick I have no way of seeing what they are doing.

I have looked at all the normal startup options, what processes are allowed to run in the background, etc.

What could these be? Can they be legit things like maybe auto-update processes from Adobe or similar? Is there some way to freeze them during their action to examine them? What are my steps to figure this out?
posted by Meatbomb to Computers & Internet (6 answers total) 2 users marked this as a favorite
 
If you press the Windows key, then type 'startup', you'll see a link for the Startup settings, which will list the various things running when Windows starts. If you can't spot the obvious culprit, you could check the logs (see https://www.makeuseof.com/windows-check-startup-shutdown-history/)
posted by pipeski at 2:53 AM on November 9, 2022


Yes, they absolutely could be legitimate processes, I have the same thing on my works laptop from a couple of pieces of enterprise software that turn on on startup.

It is also possible they are malware of some kind, but that would be unlikely because most malware wants to be as invisible as possible. But make sure your anti-virus is up to date and run it to make sure. If you haven't got Malwarebytes installed, which is pretty much the one thing every security person will recommend on top of your AV, install it and scan your whole device as well.

If neither your AV or Malwarebytes finds anything you can be pretty sure it's not malware. To find out what app is doing it, turn autostart off on an app (this is how to do that on Windows 10 for example) and restart your laptop. Keep doing this on each app that autostarts until the command line windows don't flash up any more - the last app you stopped from auto starting will be the culprit.
posted by underclocked at 2:56 AM on November 9, 2022


Sysinternals Autoruns shows EVERY THING that your Windows autoruns at the beginning. It's so successful, Microsoft bought them and made it official Microsoft product.
posted by kschang at 3:16 AM on November 9, 2022 [6 favorites]


Those are likely shell windows and probably fine - on my very old and slow work laptop, they stick around longer than a flash, and two to five such windows always open up and then close at some point when Windows is just starting up. The shell window gives you access to the underlying operating system, and Windows is built on layers upon layers dating back to when a text prompt was the main interface for computers, so it’s probably fine and most likely related to the operating system loading up parts of itself. But definitely use the tools linked above to help set your mind at ease.
posted by eviemath at 4:01 AM on November 9, 2022


It could very well be updates of some kind. I have a couple of these from time to time, for Visual Studio and so on. they pop up, do their thing with a transcript stored somewhere, and go away again.
posted by Alensin at 6:10 AM on November 9, 2022


I think it is MS Teams. I started seeing them when teams started auto-running at startup.
posted by Windopaene at 10:33 AM on November 9, 2022


« Older Translate a short polish letter   |   Research on allowing alcohol but banning gambling? Newer »
This thread is closed to new comments.