What is Windows Command Processor? Is it a Windows program? Is it safe.

My WinPatrol just sent me this alert. I searched here and >> found this thread from six months ago. I have the same question (62)

Replies (4) 

That script is malware

The second line is the tip off

It wants to remove directories rmdir=remove

Please download the free version of Malwarebytes.
Update it immediately.
Do a full system scan
Let us know the results at the end.

15 people found this reply helpful

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

See ZigZag3143’s reply, and also note that the program cmd.exe (the command processor) *is* safe. It’s that use of it that isn’t safe.

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

The second line is the tip off

It wants to remove directories rmdir=remove

Please download the free version of Malwarebytes.
Update it immediately.
Do a full system scan
Let us know the results at the end.

Many thanks for this. I ran my MBAM (Free) — it hasn’t detected any threats. What do you suggest, please?

Edited at 00:11 to add Neither of those entries are there, by the way. Is there any way that I can check the source of the problem eg event log — do I need to — or should I simply rely upon my Security program and WinPatrol?

Fix: Windows Command Processor on Startup in Windows 10

Windows command processor is a necessary Windows service related to command prompt that starts automatically on startup. Removing it from startup or killing the process might freeze or crush your PC. However, writers of malware programs, such as viruses, worms, and Trojans deliberately give their processes the same file name to escape detection. For this reason, a lot of people have been reporting an annoying pop up about “Windows Command Processor.” Many people report that this pop up occurs when you are trying to run your browser or a file downloaded online.

What is Windows Command Processor?

If Windows Command Processor is a legitimate Windows file, then why do you get this pop ups? If you have such a problem, then it is probably driven by a malware. Once executed, this malware keeps popping up asking for permission to open windows command processor. Clicking cancel doesn’t seem to stop such a pop up as it appears again within a second, which is really irritating. More annoying is that your antivirus program like AVG, Avira or Norton can’t stop the Windows Command Processor pop up.

This Windows Command Processor malware has been reported as a Trojan malware that seems to invite more threats via the internet, slow down your PC, freeze your PC and even cripple your antivirus and antispyware programs. By adding a registry entry, this virus can add itself to the startup list therefore running automatically every time you restart your PC.

Here is how you can get rid of this malware. Proceed sequentially; if method 1 doesn’t work, try the next method.

Method 1: Delete the virus files manually

Most replicating malware hide in the appdata folder. From here, they can run automatically at startup therefore it will be difficult to delete them without stopping their processes first. Fortunately, Safe Mode only starts the essential programs that are needed to run Windows (even your antivirus and network cards won’t run in safe mode). This will make it easy to delete this malware.

1. Right click on the taskbar and choose ‘Start task manager’
2. On the task manager, go to the processes tab and look for suspicious processes with random letters. This will help in identifying the malware later.
3. You can also go to the registry editor and look for suspicious entries. Press WindowsKey + R to open run, type regedit and hit enter then go to this key and identify suspicious entries HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
   
   Alternatively, perform a clean boot using our guide here
4. On Windows 10 and 8 hold down shift and restart your PC (On windows 7 and previous versions, restart your PC and press F8 during booting). This will give you the boot options. You can find a guide on how to boot into safe mode here.
5. Choose ‘Safe mode’ and hit enter
6. Go to this folder C:\Users\’Your UserName’\AppData\Roaming and look for executable (exe) files and files with random names. You will find files in this folder that are randomly generated by the malware, with rather short names such as “sadfispodcixg” or “gsdgsodpgsd” or “gfdilfgd” or “fsayopphnkpmiicu” or “labsdhtv” so they are easy to spot. Delete these files. Delete related folders, .txt documents or logs.
7. Go to C:\Users\’Your UserName’\AppData\Local and do the same
8. Go to C:\Users\’Your UserName’\AppData\Local\Temp and do the same. You can delete everything in this folder since they are just temporary files created by programs.
9. After you are done, restart your PC

Method 2: Use MalwareBytes, AdwCleaner and Combofix to scan and fix your PC

If your antivirus software doesn’t find this malware automatically, you can employ the services of MalwareBytes and AdwCleaner. Combofix is a deeper scanner that will scan your files and registry and try to fix them. If step 1 doesn’t work, try step 2.

Step 1: Scan using MalwareBytes and AdwCleaner

1. Download and install MalwareBytes from here
2. Download and install AdwCleaner from here
3. On Windows 10 and 8 hold down shift and restart your PC (On windows 7 and previous versions, restart your PC and press F8 during booting). This will give you the boot options. Choose to boot into ‘Safe mode with networking’
4. After your PC boots into safe mode, open MalwareBytes and conduct a Full Scan. For more details on how to use MalwareBytes, follow our guide here
5. Open AdwCleaner and conduct a Full Scan. For more details on how to use AdwCleaner, follow our guide here
6. Remove all the malware that is found. The latest version of the two antimalware and antispyware software will clean your PC.

Step 2: Scan with Combofix

1. If no malware is found or the issue is not fixed, you will need to run Combofix
2. The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.
3. Double click on combofix on your desktop to run it. Agree to the disclaimer
4. Combofix will create a system restore point and backup your registry incase anything goes wrong
5. Combofix will scan your PC and try to detect if Windows Recovery Console is installed. If not, you will get a message asking you to do so via an internet connection. Click on ‘Yes’
6. After installation you will get another prompt. Click yes to scan for malware
7. Combofix will now scan your PC for known infections from stage 1 to stage 50.
8. A log file will then be created
9. It is possible that ComboFix, even on its first run, may have fixed the problems you are having, but you can check the log file created for further directions
10. The most common directions in the log file are to update or remove outdated programs that are vulnerable to malware, e.g. adobe reader and Java.
11. Press the Windows logo key + R to bring up the “run box”
12. Type ‘ComboFix /uninstall’ and hit enter
13. This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clear System Restore cache and create a new Restore point.

PS: If you had created a system restore point, you can use it to go back to when your PC functioned correctly. You might lose some programs, but your personal data will stay intact. Just type ‘restore’ in the start menu and click on ‘System Restore’ and follow the instructions to reset your system to a time it functioned correctly.

Windows commands

All supported versions of Windows (server and client) have a set of Win32 console commands built in.

This set of documentation describes the Windows Commands you can use to automate tasks by using scripts or scripting tools.

Prerequisites

The information that is contained in this topic applies to:

• Windows Server 2019
• Windows Server (Semi-Annual Channel)
• Windows Server 2016
• Windows Server 2012 R2
• Windows Server 2012
• Windows Server 2008 R2
• Windows Server 2008
• Windows 10
• Windows 8.1

Command shell overview

The Command shell was the first shell built into Windows to automate routine tasks, like user account management or nightly backups, with batch (.bat) files. With Windows Script Host you could run more sophisticated scripts in the Command shell. For more information, see cscript or wscript. You can perform operations more efficiently by using scripts than you can by using the user interface. Scripts accept all Commands that are available at the command line.

Windows has two command shells: The Command shell and PowerShell. Each shell is a software program that provides direct communication between you and the operating system or application, providing an environment to automate IT operations.

PowerShell was designed to extend the capabilities of the Command shell to run PowerShell commands called cmdlets. Cmdlets are similar to Windows Commands but provide a more extensible scripting language. You can run Windows Commands and PowerShell cmdlets in Powershell, but the Command shell can only run Windows Commands and not PowerShell cmdlets.

For the most robust, up-to-date Windows automation, we recommend using PowerShell instead of Windows Commands or Windows Script Host for Windows automation.

You can also download and install PowerShell Core, the open source version of PowerShell.

Incorrectly editing the registry may severely damage your system. Before making the following changes to the registry, you should back up any valued data on the computer.

To enable or disable file and directory name completion in the Command shell on a computer or user logon session, run regedit.exe and set the following reg_DWOrd value:

To set the reg_DWOrd value, use the hexadecimal value of a control character for a particular function (for example, 0 9 is Tab and 0 08 is Backspace). User-specified settings take precedence over computer settings, and command-line options take precedence over registry settings.

Command-line reference A-Z

To find information about a specific command, in the following A-Z menu, click the letter that the command starts with, and then click the command name.

What is Windows Command Processor? Is it a Windows program? Is it safe.

My WinPatrol just sent me this alert. I searched here and >> found this thread from six months ago. I have the same question (62)

Replies (4) 

That script is malware

The second line is the tip off

It wants to remove directories rmdir=remove

Please download the free version of Malwarebytes.
Update it immediately.
Do a full system scan
Let us know the results at the end.

15 people found this reply helpful

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

See ZigZag3143’s reply, and also note that the program cmd.exe (the command processor) *is* safe. It’s that use of it that isn’t safe.

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

The second line is the tip off

It wants to remove directories rmdir=remove

Please download the free version of Malwarebytes.
Update it immediately.
Do a full system scan
Let us know the results at the end.

Many thanks for this. I ran my MBAM (Free) — it hasn’t detected any threats. What do you suggest, please?

Edited at 00:11 to add Neither of those entries are there, by the way. Is there any way that I can check the source of the problem eg event log — do I need to — or should I simply rely upon my Security program and WinPatrol?

Is Windows Command Processor a part of Windows or is it spyware?

* Original title: windows command processor

Is Windows Command Processor a part of Windows or is it spyware? I noticed it today when doing a search of Start-Up programs on my computer and found several references to it as Spyware that should be removed. I have run Malwarebytes (free version), Microsoft Safety Scanner, and Norton Power Clean but none of these programs found my computer to be infected with virus or spyware. Should this file be removed or is it a working part of the Windows program?

Replies (10) 

I realize the inconvenience you are facing in Windows. We will help you.

To assist you better, i suggest you to answer the below questions.

1. From where did you search you search for the startup programs?
2. What is exact error message you are getting?
3. What was the result when you tried to run the Microsoft Safety Scanner?

Please post to us if you have any further queries. We are glad to help you further.

3 people found this reply helpful

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

1. I was using Norton 360 when I found this file as a start-up.

2. I am not getting any error messages.

3. Microsoft Safety Scanner found no errors, viruses, or spyware.

5 people found this reply helpful

Was this reply helpful?

Sorry this didn’t help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thank you for keeping us updated.

Let’s try the below methods and check if it helps to resolve the issue.

Method 1: Perform a clean boot and check if the issue persists.

to disable all non-Microsoft services consult the article called Clean Boot.
Follow: https://support.microsoft.com/en-us/kb/929135

Note: A clean boot is performed to start Windows by using a minimal set of drivers and startup programs. This helps eliminate software conflicts that occur when you install a program or an update or when you run a program in Windows. You may also troubleshoot or determine what conflict is causing the problem by performing a clean boot.

Disclaimer: After troubleshooting, refer to this section «How to reset the computer to start normally after clean boot troubleshooting»

Method 2: I suggest you to perform a SFC scan (System file checker) scan.

System File Checker is a utility in Windows that allows users to scan for corruptions in Windows system files and restore corrupted files.

I suggest you to check for updates and install all the pending updates available in your PC and check if the issue persists.

Keep us posted if the issue is resolved. We are glad to help you further.