Share via

Windows Command Processor Malware

Anonymous
2024-04-05T05:35:40+00:00

Every time I turn on my computer I look at task manager and see that the windows command processor task is running and is using up a significant amount of my ram, how do I fix this?

I ran FRST and these are my log files, I would appreciate a fixlist.txt for these problems

https://drive.google.com/file/d/1USveTmVj-rxLFLqWS9AkJqOJTY4pThMz/view?usp=drive_link, https://drive.google.com/file/d/1XMk67M6LIJX5Dx9w2uceh6tbaezg2pZX/view?usp=drive_link

Windows for home | Windows 11 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments No comments
Answer accepted by question author
  1. Ramesh 176.1K Reputation points Volunteer Moderator
    2024-04-05T05:54:26+00:00

    Hi,

    From admin Command Prompt, run these commands:

    schtasks /delete /tn "\Windows Service Task" /f

    rd /s /q "%LocalAppData%\Updates"

    And avoid running cracks and illegal KMS tools. They'll infect your system in no time.

    Open Windows Security, Virus and threat protection, Manage settings, "Add or more exclusions".

    Clear all exclusions, if any, manually.

    2 people found this answer helpful.
    0 comments No comments

7 additional answers

Sort by: Most helpful
  1. Ramesh 176.1K Reputation points Volunteer Moderator
    2024-04-05T06:33:28+00:00

    Run from admin Command Prompt instead of PowerShell.

    0 comments No comments
  2. Anonymous
    2024-04-05T06:28:29+00:00

    The second command is giving me this error:
    Remove-Item : A positional parameter cannot be found that accepts argument '/q'.

    At line:1 char:1

    • rd /s /q "%LocalAppData%\Updates"
    • 
          + CategoryInfo          : InvalidArgument: (:) [Remove-Item], ParameterBindingException 
      
          + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.RemoveItemCommand
      
    0 comments No comments
  3. Anonymous
    2024-04-05T05:43:41+00:00

    I have done so now, they should be publicly available now.

    0 comments No comments
  4. Ramesh 176.1K Reputation points Volunteer Moderator
    2024-04-05T05:40:17+00:00

    Hi,

    Please share the files for public access. The links want me to sign in to Google.

    0 comments No comments