Windows Command Processor is a necessary Windows service related to the command prompt that starts automatically on startup. Removing it from startup or killing the process might freeze or crash your PC. However, writers of malware such as viruses, worms, and Trojans deliberately give their processes the same file name to escape detection. For this reason, a lot of people have been reporting an annoying pop-up about “Windows Command Processor.” Many people report that this pop-up occurs when they try to run their browser or a file downloaded online.
What is Windows Command Processor?
If Windows Command Processor is a legitimate Windows file, then why do you get these pop-ups? If you have this problem, it is probably caused by malware. Once executed, the malware keeps popping up a prompt asking for permission to open Windows Command Processor. Clicking Cancel doesn’t stop the pop-up, as it appears again within a second, which is really irritating. More annoying is that antivirus programs like AVG, Avira or Norton can’t stop the Windows Command Processor pop-up.
This Windows Command Processor malware has been reported as a Trojan that seems to invite more threats via the internet, slow down your PC, freeze your PC and even cripple your antivirus and antispyware programs. By adding a registry entry, this virus can add itself to the startup list so that it runs automatically every time you restart your PC.
Here is how you can get rid of this malware. Proceed sequentially; if method 1 doesn’t work, try the next method.
Method 1: Delete the virus files manually
Most replicating malware hides in the AppData folder. From there it can run automatically at startup, so it will be difficult to delete its files without stopping its processes first. Fortunately, Safe Mode only starts the essential programs that are needed to run Windows (even your antivirus and network cards won’t run in Safe Mode). This will make it easy to delete this malware.
- Right click on the taskbar and choose ‘Start task manager’
- On the task manager, go to the processes tab and look for suspicious processes with random letters. This will help in identifying the malware later.
- You can also go to the registry editor and look for suspicious entries. Press Windows Key + R to open Run, type regedit and hit Enter, then go to this key and identify suspicious entries: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Alternatively, perform a clean boot using our guide here
- On Windows 10 and 8, hold down Shift and restart your PC (on Windows 7 and previous versions, restart your PC and press F8 during booting). This will give you the boot options. You can find a guide on how to boot into safe mode here.
- Choose ‘Safe mode’ and hit enter
- Go to this folder C:\Users\’Your UserName’\AppData\Roaming and look for executable (exe) files and files with random names. You will find files in this folder that are randomly generated by the malware, with rather short names such as “sadfispodcixg” or “gsdgsodpgsd” or “gfdilfgd” or “fsayopphnkpmiicu” or “labsdhtv” so they are easy to spot. Delete these files. Delete related folders, .txt documents or logs.
- Go to C:\Users\’Your UserName’\AppData\Local and do the same
- Go to C:\Users\’Your UserName’\AppData\Local\Temp and do the same. You can delete everything in this folder since they are just temporary files created by programs.
- After you are done, restart your PC
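A read-only way to run the checks from the steps above before deleting anything, as an added example that is not part of the original article: it lists the entries under the Run key and the executables in the three AppData locations, with modification time and Authenticode signature status. It assumes Windows PowerShell 5.1; treating unsigned files and entries that start from AppData as worth a closer look is this example's triage heuristic, not a rule from the article.

```powershell
# Read-only triage for the Method 1 checks: reports candidates, deletes nothing.

# 1. Autostart entries in the per-user Run key named in the steps above.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notin $psProps } |
        ForEach-Object {
            [pscustomobject]@{
                Name        = $_.Name
                Command     = $_.Value
                # Heuristic: an autostart command that lives under AppData.
                FromAppData = ([string]$_.Value -like '*\AppData\*')
            }
        } | Format-Table -AutoSize -Wrap
}

# 2. Executables in Roaming, Local and Temp (the folder itself plus one level down).
$folders = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)
$hits = foreach ($dir in $folders) {
    Get-ChildItem -Path $dir -Filter *.exe -File -Force -Recurse -Depth 1 `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                Signature = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
                Signer    = $sig.SignerCertificate.Subject  # empty when unsigned
            }
        }
}

# Newest first: files dropped around the time the pop-ups began sort to the top.
$hits | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap
```

Compare the Command column of the first table with the Path column of the second: a randomly named, unsigned executable that is also registered under Run matches the pattern the steps above describe.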
Method 2: Use MalwareBytes, AdwCleaner and Combofix to scan and fix your PC
If your antivirus software doesn’t find this malware automatically, you can employ the services of MalwareBytes and AdwCleaner. Combofix is a deeper scanner that will scan your files and registry and try to fix them. If step 1 doesn’t work, try step 2.
Step 1: Scan using MalwareBytes and AdwCleaner
- Download and install MalwareBytes from here
- Download and install AdwCleaner from here
- On Windows 10 and 8, hold down Shift and restart your PC (on Windows 7 and previous versions, restart your PC and press F8 during booting). This will give you the boot options. Choose to boot into ‘Safe mode with networking’
- After your PC boots into safe mode, open MalwareBytes and conduct a Full Scan. For more details on how to use MalwareBytes, follow our guide here
- Open AdwCleaner and conduct a Full Scan. For more details on how to use AdwCleaner, follow our guide here
- Remove all the malware that is found. The latest versions of these two antimalware and antispyware tools will clean your PC.
Step 2: Scan with Combofix
- If no malware is found or the issue is not fixed, you will need to run Combofix
- The most important things to remember when running it are to disable all your antimalware programs and to run Combofix from your desktop.
- Double click on Combofix on your desktop to run it. Agree to the disclaimer
- Combofix will create a system restore point and back up your registry in case anything goes wrong
- Combofix will scan your PC and try to detect if Windows Recovery Console is installed. If not, you will get a message asking you to do so via an internet connection. Click on ‘Yes’
- After installation you will get another prompt. Click yes to scan for malware
- Combofix will now scan your PC for known infections from stage 1 to stage 50.
- A log file will then be created
- It is possible that ComboFix, even on its first run, may have fixed the problems you are having, but you can check the log file created for further directions
- The most common directions in the log file are to update or remove outdated programs that are vulnerable to malware, e.g. Adobe Reader and Java.
- Press the Windows logo key + R to bring up the “run box”
- Type ‘ComboFix /uninstall’ and hit enter
- This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new restore point.
PS: If you had created a system restore point, you can use it to go back to when your PC functioned correctly. You might lose some programs, but your personal data will stay intact. Just type ‘restore’ in the start menu, click on ‘System Restore’ and follow the instructions to reset your system to a time when it functioned correctly.