Background command is running in Windows

When I restart my Windows laptop, there is some pop-up coming where some cmd is running and then disappears. How to know what command is running?

If a Command Prompt (cmd.exe) window appears briefly when you restart your Windows laptop and then disappears, it might be due to a scheduled task, startup program, or background process executing commands. Here’s how you can identify what command is running:

1. Check Windows Task Scheduler

Many background scripts or commands run via the Task Scheduler. To check:

  1. Press Win + R, type taskschd.msc, and hit Enter.
  2. In the left panel, expand Task Scheduler Library.
  3. Look for suspicious tasks under Active Tasks.
  4. Click on a task and check the Actions tab to see the command it executes.
  5. If you find any unusual tasks, disable or delete them.

2. Use Event Viewer

Windows logs startup events, including scheduled tasks and script executions.

  1. Press Win + R, type eventvwr.msc, and hit Enter.
  2. Navigate to Windows Logs > Application or System.
  3. Look for events around the time you restarted.
  4. If you find an event related to cmd.exe, check the details for the executed command.

3. Check Startup Programs (Task Manager)

  1. Press Ctrl + Shift + Esc to open Task Manager.
  2. Go to the Startup tab.
  3. Look for unknown or suspicious programs running at startup.
  4. Disable unnecessary entries by right-clicking and selecting Disable.

4. Enable Command Prompt Logging

If the above methods don’t work, enable command logging to capture the command:

  1. Open Notepad and paste the following:
       @echo off
       rem CMDCMDLINE is the command line that started this cmd.exe instance
       echo %DATE% %TIME% - %CMDCMDLINE% >> C:\command_log.txt
  2. Save it as log_cmd.bat.
  3. Press Win + R, type gpedit.msc, and go to:
    • Computer Configuration > Windows Settings > Scripts (Startup/Shutdown) > Startup.
  4. Add the log_cmd.bat file.
  5. Restart your PC and check C:\command_log.txt for recorded commands.

5. Check Registry for Startup Scripts

  1. Press Win + R, type regedit, and hit Enter.
  2. Navigate to:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  3. Look for suspicious entries running CMD or scripts.
  4. Delete unwanted entries carefully.

6. Use Autoruns (Microsoft Tool)

A more advanced way is to use Autoruns by Microsoft:

  1. Download Autoruns from Microsoft Sysinternals.
  2. Run it as Administrator.
  3. Check the Logon and Scheduled Tasks tabs for any unknown CMD-related entries.
  4. Disable unnecessary items.

7. Check Windows Defender or Antivirus Logs

Sometimes malware or scripts execute commands on startup. Run a full system scan using Windows Defender or any antivirus to detect hidden scripts.


Conclusion

If you see a command window briefly appearing on startup, it is likely a scheduled task, startup script, or malware. Using Task Scheduler, Event Viewer, Registry Editor, or Autoruns, you can identify and stop the unwanted command.
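
The scheduled tasks from section 1 and the Run keys from section 5 can also be listed in one read-only pass. The PowerShell below is an added example, not part of the original answer; the interpreter pattern it flags on is an assumed heuristic, and it changes nothing on the system.

```powershell
# Added example: list commands configured to run at boot or logon (read-only).
# Run from an elevated PowerShell prompt so that all scheduled tasks are visible.

# Assumed heuristic: interpreters and script types that open a console window.
$pattern = '\b(cmd|powershell|pwsh|wscript|cscript)(\.exe)?\b|\.(bat|cmd|vbs|ps1)\b'

$results = @()

# Section 1: enabled scheduled tasks that have a boot or logon trigger.
foreach ($task in Get-ScheduledTask | Where-Object State -ne 'Disabled') {
    $startupTriggers = $task.Triggers | Where-Object {
        $_.CimClass.CimClassName -in 'MSFT_TaskBootTrigger', 'MSFT_TaskLogonTrigger'
    }
    if (-not $startupTriggers) { continue }

    # Only "start a program" actions carry an Execute path.
    foreach ($action in $task.Actions | Where-Object { $_.Execute }) {
        $results += [pscustomobject]@{
            Source  = 'ScheduledTask'
            Name    = $task.TaskPath + $task.TaskName
            Command = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
        }
    }
}

# Section 5: the two Run keys named in the answer.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $results += [pscustomobject]@{
            Source  = $key
            Name    = $valueName
            Command = [string]$item.GetValue($valueName)
        }
    }
}

# Put entries that launch a command interpreter or script at the top.
$results |
    Select-Object Source, Name, Command,
        @{ Name = 'Flag'; Expression = { $_.Command -match $pattern } } |
    Sort-Object Flag -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with `Flag` set to `True` are the ones to compare against the Actions tab in Task Scheduler or the entry in Registry Editor before disabling anything.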