How can I fix the constant popup window on my PC after a virus removal?

[Drakkith]

A few days ago my AVG antivirus detected a virus and successfully eliminated it. Since then I've been having an issue where a window will briefly popup but is immediately closed. I'm concerned that the virus wasn't cleared fully or that I've gotten another virus, but I've done several full scans but my antivirus says everything is clear.

Any suggestions on what I can do to fix this? Another antivirus program perhaps?

 

[UsableThought]

A few days ago my AVG antivirus detected a virus and successfully eliminated it. Since then I've been having an issue where a window will briefly popup but is immediately closed.

You could get familiar with the system logs for whatever your version of Windows you are running. That way, the next time the mysterious window pops up, you could make a note of the time, then go into the log & look for events that might represent it. If you find something odd, you could then Google to see if it's something known.

See for example: http://www.thewindowsclub.com/use-event-viewer-check-unauthorized-use-windows

 

[Zach S]

Do you have the free version of AVG if so I suggest purchasing nortons or symnantec.

Do any of these appear as well?
-CPU is always running at high processing
-Programs don't function properly like they use to
-There files on your computer you don't remember downloading (or files are missing)
-When using the internet do a lot of ads pop up(not googles ads)
-does your homepage change by its self
-does you internet seem a lot slower than before

 

[phinds]

As Zach said, you should monitor your performance stats. The first thing I would look at is the internet connection usage. Heavy usage when there shouldn't be any is a sure sign that (rare but it happens) Windows or one of your apps is updating itself OR a virus is using your computer and is communicating via the internet. Second thing to look at is CPU usage, again looking for usage that is higher than it should be.

If you're not conversant w/ monitoring the performance stats say so and we can give you instructions. It's very simple so I'm confident that even you can get it done.

 

[Drakkith]

Thanks all! I'll keep an eye out and see what happens.

You could get familiar with the system logs for whatever your version of Windows you are running. That way, the next time the mysterious window pops up, you could make a note of the time, then go into the log & look for events that might represent it. If you find something odd, you could then Google to see if it's something known.

See for example: http://www.thewindowsclub.com/use-event-viewer-check-unauthorized-use-windows

Thanks for the link!

 

[stoomart]

A few days ago my AVG antivirus detected a virus and successfully eliminated it. Since then I've been having an issue where a window will briefly popup but is immediately closed. I'm concerned that the virus wasn't cleared fully or that I've gotten another virus, but I've done several full scans but my antivirus says everything is clear.

Any suggestions on what I can do to fix this? Another antivirus program perhaps?

With conventional signature-based antivirus software stopping less than 50% of malicious applications, the focus these days is on general system maintenance (patching, backup, etc.) and good security hygiene. If one of these files does execute successfully, depending on the severity of damage caused, you could be looking at anything from running a simple removal tool to full nuke/pave/restore. If you aren't familiar with identifying and cleaning out malware, I suggest working with a trusted friend or contact to determine how bad it is, or to give you a clean bill of health. Good luck.

p.s. I think you gave me an idea to submit for an insight article.

 

[willem2]

Did AVG produce any logs? What virus claimed it to have found?
It's possible that something was cleaned up badly, but you need to know what files, registry keys were changed.
Your windows version is also important to know for anyone who tries to help you.
Other ideas:
-check the event viewer
-check with another scanner
-run sfc /scannow to check your system files.

 

[jedishrfu]

I'd also search on the virus name to see if there other reports about this same behavior.

 

[DrZoidberg]

Maybe it's this issue
https://www.reddit.com/r/Windows10/comments/6d8820/cmd_popups_with_an_hour_between/

 

[Drakkith]

Maybe it's this issue
https://www.reddit.com/r/Windows10/comments/6d8820/cmd_popups_with_an_hour_between/

It's certainly possible. Earlier, the popup window came up and then stayed up, instead of closing immediately like it usually does. The title of the window was something like "Microsoft Office". I did some searching and came across a few sites saying to check my task scheduler, which I've done, but I hadn't seen anything specifically pointing out the "OfficeBackgroundTaskHandlerRegistration" in the task scheduler until now. I'm in the middle of running another antivirus scan and will be looking more into this.

 

[Drakkith]

The popup appeared again a few minutes ago and the timing of it matches closely with what is shown in the "Last Run Time" column in Task Scheduler for the "OfficeBackgroundTaskHandlerRegistration" task.

 

[phinds]

The popup appeared again a few minutes ago and the timing of it matches closely with what is shown in the "Last Run Time" column in Task Scheduler for the "OfficeBackgroundTaskHandlerRegistration" task.

Ah ha! The smoking gun.

 

[stoomart]

The popup appeared again a few minutes ago and the timing of it matches closely with what is shown in the "Last Run Time" column in Task Scheduler for the "OfficeBackgroundTaskHandlerRegistration" task.

Good to hear its likely benign. Aside from the built-in startup configuration tools provided in Windows (msconfig since Win98+ and task manager in Win8+), Microsoft provides a very powerful tool called Sysinternals Autoruns, which shows you every nook and cranny in the OS something can load from (except rootkits).

 

[Routaran]

Good to hear its likely benign. Aside from the built-in startup configuration tools provided in Windows (msconfig since Win98+ and task manager in Win8+), Microsoft provides a very powerful tool called Sysinternals Autoruns, which shows you every nook and cranny in the OS something can load from (except rootkits).

Autoruns + Process Explorer + Safemode + Deny permissions = Death to all spyware. (except rootkits as stoomart said lol can't kill what you can't see, at when booting the infected OS)

 

[symbolipoint]

Something that commercial Protection & Security programs let you to do is make a "rescue" disk. In case you believe your computer is infected, you might/may/could start your computer to the rescue disk and not into Windows, and use the rescue disk to clean some or much of the possible infections, before going into Windows and letting your installed security & protection program continue to do more cleaning.

 

[rbelli1]

its likely benign.

I've been having the same thing happen. I have also narrowed it down to Office update. It appears to be Skype for office. At least that is the only Office thing I have.

BoB