Share via

Saw a seemingly suspicious process with the name "Windows(r)"

Anonymous
2023-10-26T04:49:12+00:00

Hey community,

While troubleshooting a softlock I had earlier tonight, I saw a process called "Windows(r)" for a split second before disappearing, that wasn't the full name but that was all I could recall. I've never seen a windows process to have a trademark associated with it and a safe-mode virus search came up with nothing out of the ordinary and my event logs didn't pick anything up either.

Is there any official process that I'm unaware of that seems similar to the one I came across today?

Windows for home | Windows 10 | Performance and system failures

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

_AW_ 67,926 Reputation points Volunteer Moderator
2023-10-26T06:36:04+00:00

Your computer looks clean. To clean up some dead entries,

  • run Autoruns as administrator
  • switch to the Logon tab
  • right click on each yellow highlighted entry and delete
  • repeat for the Scheduled Tasks and Drivers tabs

Basically all yellow highlighted entries can be removed except those listed under Known Dlls.

I'm really not certain of what you may have glimpsed. You could look at what scheduled tasks executed around the time.

Right click the start button and select Windows Powershell.

Copy and paste in the following script and press enter:

[PSCustomObject]$obj = @()

Get-ScheduledTask | % {

    $obj += [PSCustomObject]@{

        URI = $_.URI

        Name = $_.TaskName

        Execute = $_.Actions.Execute

        Arguments = $_.Actions.Arguments

        LastRunTime = (Get-ScheduledTaskInfo -TaskName $_.URI).LastRunTime

    }

}

$obj  | Sort LastRunTime -Descending | Select URI, Name, LastRunTime, Execute, Arguments | Out-GridView

Scheduled tasks will be listed in the gridview starting from most recently executed.

Was this answer helpful?

1 person found this answer helpful.
0 comments

5 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-10-26T06:48:34+00:00

    Skimming through the scheduled tasks there wasn't anything out of the ordinary, I very well may have skimmed some maintenance task and thought the worst.

    I'll clear up the Autoruns entry and settle my worries with a full maywarebytes scan of my system. Thank you for the help and information.

    Was this answer helpful?

    0 comments
  2. Anonymous
    2023-10-26T06:02:55+00:00

    Thank you for your response.

    I ran the program, here is what I saved: PCAutorun.arn

    Was this answer helpful?

    0 comments
  3. _AW_ 67,926 Reputation points Volunteer Moderator
    2023-10-26T05:53:41+00:00

    If you would like to rule out malware as a cause, please share an Autoruns log.

    https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

    Unzip and run Autoruns64.exe and accept the license agreement

    When it finishes scanning, press Ctrl + S - Save the log

    Share the log on OneDrive, Google Drive, or a similar file sharing service

    Post the share link with your reply

    Was this answer helpful?

    0 comments
  4. Anonymous
    2023-10-26T05:21:36+00:00

    I've come across multiple .NET listings in my registry that have the term "Windows(R)". Is it likely that the process I saw is related to the .NET framework in some way?

    Was this answer helpful?

    0 comments