I recently purchased a laptop from a friend's boyfriend, and now every time I turn it on, PowerShell is popping up asking for administrator permission. The message displayed is: "\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command & { Add-MpPreference -ExclusionPath C:\Users\MyPC\AppData\Roaming. I really just want to boot up my laptop without this annoying prompt showing up every time. Can anyone help me disable it?
4 Answers
If you want to look instead of wipe, I suggest downloading Autoruns and Procmon from Sysinternals. Autoruns will show you everything that starts automatically, while Procmon monitors processes. Both can help you find out what exactly is causing PowerShell to run on startup. Just search for the command you mentioned and see what links back to it.
It sounds like the Windows license might not be legit. The person who set this up may have used a license activator tool that could be harmful. I’d be cautious.
That sounds pretty suspicious! I’d recommend considering a full wipe and reinstall of Windows just to be safe. You never know what could be lurking there.
This happened after I used PowerShell to activate Windows, and it was never an issue before. I’ve done this activation on multiple computers without any problems. Either way, clicking Yes or No doesn’t stop it from coming back the next time I turn on the laptop.
Or you could wipe the computer without reinstalling Windows as another option.
The command you’re seeing is trying to add an exclusion to Windows Defender. You should check if that path is meant to be excluded, especially since it could be a security risk. Here’s what I recommend: check your Defender settings and remove anything suspicious from that exclusion list, run a full system scan, and clean the system if needed.
Thanks for the advice! I checked and found a lot of trojans. I'll clean it now and see if that helps.
It definitely was suspicious... what a time that was!
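The checks suggested in the answers above (finding what launches the command at startup, and reviewing the Defender exclusion list), as an added PowerShell example that is not part of any post in this thread. It assumes an elevated session on a Windows system with the built-in Defender and ScheduledTasks modules; the search pattern is built from the command quoted in the question, and the variable names are illustrative.

```powershell
# Added example: read-only triage for the startup prompt described in this thread.
# Run from an elevated PowerShell session so Defender reports its exclusions.

# Strings taken from the command quoted in the question.
$pattern = 'Add-MpPreference|ExclusionPath|ExecutionPolicy\s+Bypass'

# 1. Current Defender path exclusions, flagging any under user-writable locations.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC, $env:ProgramData)
$exclusions = foreach ($p in @((Get-MpPreference).ExclusionPath)) {
    if (-not $p) { continue }
    $hit = $userWritable | Where-Object {
        $_ -and $p.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
    }
    [pscustomobject]@{ Path = $p; UserWritable = [bool]$hit }
}

# 2. Run keys and Startup folders (what Autoruns shows on its Logon tab).
$startup = Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -match $pattern } |
    Select-Object Name, Command, Location, User

# 3. Scheduled tasks whose action launches a matching command line.
$tasks = foreach ($t in Get-ScheduledTask) {
    foreach ($a in $t.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $pattern) {
            [pscustomobject]@{
                Task    = "$($t.TaskPath)$($t.TaskName)"
                State   = $t.State
                Command = $cmd
            }
        }
    }
}

'--- Defender path exclusions ---'; $exclusions | Format-Table -AutoSize
'--- Matching autostart entries ---'; $startup | Format-List
'--- Matching scheduled tasks ---'; $tasks | Format-List

# After reviewing the output, remove only exclusions you have confirmed are unwanted,
# then run the full scan the answer recommends:
#   Remove-MpPreference -ExclusionPath '<path you confirmed is unwanted>'
#   Start-MpScan -ScanType FullScan
```

The script only reads state; the removal and scan commands are left commented out so nothing changes until the listed entries have been reviewed.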