0

I have a couple suspicious mystery entries in my Startup Apps. MalwareBytes didn't flag them but I want to try them on VirusTotal to be sure.

enter image description here enter image description here

startup entries named just named "Program" and "Update" that just look like the sort of thing a crypto miner virus would hide itself as

A quick google search says to look in shell:startup, which expands to C:\Users\[REDACTED]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup but there's nothing there.

UPDATE before i even submitted the question I thought to look in the startup tab in task manager, right-click, and select "open file location". the "Update" one turns out to be related to Electron. but "Program" has that option greyed out so question still stands. where do I find the .exe?

SIGSTACKFAULT
  • 113
  • 5

1 Answers1

0

Have a look in the following registry keys and see if you spot anything unusual or uninstalled there:

Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

If you do, don't simply delete the registry key, and instead try to fully remove the application in question.

It's unlikely that either of those are malware, but instead just badly made applications that haven't cleanly uninstalled, or haven't named their startup object correctly.

Joe Smith
  • 31
  • 5