system32\netsh.exe - why is it popping up


Joined
Dec 4, 2015
Messages
2
Reaction score
0
This just began and I see some articles that claim it might be a malware masking under that file name. Anyone had experience on what is the issue and how to fix it. It flashes up on the screen , closes, flashes again over and over then stops. I can not find a file under that name and I have 64 bit Windows 10
 
Ad

Advertisements

Joined
Oct 26, 2016
Messages
2,139
Reaction score
640
Some information:



I have that file in the 'System32' folder as well as in 'Syswow64' and in the winsxs folder. It seems like that it is a legit file
 
Ad

Advertisements

Joined
Jun 15, 2021
Messages
9
Reaction score
0
This just began and I see some articles that claim it might be a malware masking under that file name. Anyone had experience on what is the issue and how to fix it. It flashes up on the screen , closes, flashes again over and over then stops. I can not find a file under that name and I have 64 bit Windows 10
Hi Joe,

netsh is a command line tool as Grizzly correctly pointed out. It's used to complete actions on the network adapters on the machine.
For example, in the industry, we open command prompt (cmd) and type 'netsh wlan show profile' - this will show you all the wireless networks saved into your computer. It can be used to add/remove networks also.

Now we know what it's for, it's a case of figuring out why it's opening.

To find out if it's genuine, I'd probably check the location of which it's opening.
If you do CTRL + Shift + ESC to open task manager,
click more details to view the full window
You can either right click the 'Name' column header and check on 'Command line' or find the netsh.exe in the list, right click and click 'Open File Location'.
Providing it says C:\windows\system32\netsh.exe it's most likely genuine. Elevated credentials would be required in order to overwrite that file.

Whilst you're in Task Manager, navigate to the Start-Up tab to see if anything's set on startup. It's a good idea anyway to right click and disable anything that's not critical to be launched upon startup, as many software vendors like to believe their software should boot upon startup. If you see anything you don't know, disable it or let us know and we can help out!

Another thing to check would be holding Winkey + R to launch the RUN dialog, then typing shell:startup or shell:common startup and seeing if anything is in there. This is where you can put shortcuts to launch apps when you login.

Finally, I'd try to make a new user account on the computer and see if it comes up on that account. To do this, if you launch cmd from the start menu you can type:
net user myUsername /add
net user myUsername *

The first command will create a user with the username myUsername. The second will ask you to set a password for myUsername. (You won't get any feedback when typing the password, so type it carefully then press enter once done. You will type the first, confirm it and then it will tell you if it has completed.

You can do this from the Settings menu if you prefer a GUI.


If the problem persists, my next steps would be running SFC /scannow which is a command line utility too and then using virus scanners/system scanners to produce a report of any malware.

Hope this helps!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top