Hey everyone! So, I recently went to a random insecure website and now my computer is acting weird. My PC froze shortly after, even though I had a game downloading and a bunch of tabs open, which is unusual for my machine. I locked my computer (using WIN+L) and noticed my lock screen changed to the default Windows one. Then, while browsing Reddit for help, Firefox downloaded an empty .HTM file. After restarting, I saw a CMD process running in the Task Manager with the command line pointing to something in C:\Windows\System32. I've run full scans with Windows Defender and Kaspersky, cleared my browser data, and even did a system restore, but the lock screen keeps resetting to default and that CMD process is still active. Is this something I should be worried about? Here's a link to an Imgur album with some screenshots: [https://imgur.com/a/n56BtiK](https://imgur.com/a/n56BtiK). By the way, I did run a debloating script for Windows recently, so I'm not sure if that's affecting anything too.
1 Answer
Based on what you're describing, it doesn’t seem like you've been compromised by malware, but rather some issues are arising from system corruption. This could be due to the interrupted system restore, changes from debloating, or possibly the weight of so many tasks running at once when you visited that site. Here's what I recommend doing:

1. Check your Task Scheduler and Startup for any suspicious cmd.exe entries.
2. Use Autoruns from Microsoft Sysinternals since it gives you a more comprehensive look than Task Manager.
3. Run 'sfc /scannow' and 'dism /online /cleanup-image /restorehealth' to fix any corrupted system files.
4. You might need to reinstall any broken default apps through PowerShell.
5. Keep an eye on your system for a few days to see if that CMD process keeps popping up.
Thanks for the tips! I'll definitely check Task Scheduler and Autoruns. The CMD thing is really bugging me, especially since it seems to appear every time I start Windows. But maybe cleaning things up will help.
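
Steps 1 and 5 of the answer above can be checked from PowerShell, as in this added example (not part of the original thread). It only reads scheduled tasks, the Run/RunOnce keys, the Startup folders and the process list; the function names and the match pattern are assumptions made for illustration.

```powershell
# Added example (read-only). Run from an elevated PowerShell so all users' tasks are visible.
# Assumption: an entry is of interest if it names cmd.exe or %ComSpec%.
$pattern = '(^|[\\/\s"])cmd(\.exe)?(\s|"|$)|%comspec%'
function Find-CmdAutostart {
    # Scheduled tasks whose action launches cmd.exe
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $line = "$($action.Execute) $($action.Arguments)".Trim()
            if ($line -match $pattern) {
                [pscustomobject]@{ Source = 'ScheduledTask'; Name = $task.TaskPath + $task.TaskName; Command = $line }
            }
        }
    }
    # Run / RunOnce values for the machine and the current user
    $skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path $key)) { continue }
            foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
                if ($p.Name -notin $skip -and "$($p.Value)" -match $pattern) {
                    [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
                }
            }
        }
    }
    # Startup folders: batch files run through cmd.exe; shortcuts are resolved to their target
    $shell = New-Object -ComObject WScript.Shell
    $dirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($dir in $dirs) {
        foreach ($f in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
            $line = $f.FullName
            if ($f.Extension -eq '.lnk') { $l = $shell.CreateShortcut($f.FullName); $line = "$($l.TargetPath) $($l.Arguments)".Trim() }
            if ($f.Extension -in '.bat', '.cmd' -or $line -match $pattern) {
                [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $line }
            }
        }
    }
}
function Get-RunningCmd {
    # Running cmd.exe instances with their command line and parent process ID
    Get-CimInstance Win32_Process -Filter "Name = 'cmd.exe'" |
        Select-Object ProcessId, ParentProcessId, CommandLine
}
Find-CmdAutostart | Format-List
Get-RunningCmd | Format-List
```

Comparing the `CommandLine` of the running cmd.exe with the entries from `Find-CmdAutostart` shows which autostart location, if any, is starting it at logon.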