Why is reg.exe on startup?

Have you booted up Windows only to find a sus black window with the title reg.exe?
(It may or may not be malware! It's best to check for yourself.)

In this blog post I will explain what it could be and show you how to find out why "reg.exe" is showing up on startup. I will also document my own experience.

The problem:

You can see in the screenshots above the window that opens on my computer when I boot Windows.
This worried me a lot: reg.exe is the program that can modify the Windows Registry, so a reg.exe window at startup could be a sign of either malware persistence or badly written software.

How to check this item?

I. Task Manager

First of all, check in Task Manager to see if there is any item linked to reg.exe.

Make sure you look through all items, including subitems!

As you can see, in my case there is no entry in Task Manager.

II. Autostart \ Sysinternals

For further troubleshooting we are going to use the Sysinternals suite of software.

You will need to download the Autostart Sysinternals program to check for startup items.

Make sure you unselect the option to hide Windows entries.

Then you can simply search for any entry containing reg.exe.

As you can see, in my case the entry pointed to a scheduled task.

III. Going to Task Scheduler

Now, with the name of this item, I could look up its details in Task Scheduler.
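
The same check can be scripted. The following PowerShell is an added example, not part of the original post: it lists scheduled tasks and, going slightly beyond the steps above, the Run/RunOnce registry keys whose command line launches reg.exe. The function name `Find-RegExeAutostart` is hypothetical.

```powershell
# Added example: find autostart entries that launch reg.exe.
# Run elevated so tasks and keys belonging to other accounts are visible.
function Find-RegExeAutostart {   # hypothetical helper name
    # Matches reg / reg.exe as a whole token: bare, quoted, or with a path
    $pattern = '(^|[\\/"\s])reg(\.exe)?(["\s]|$)'

    # 1. Scheduled tasks: check program plus arguments of every action,
    #    so "cmd.exe /c reg add ..." is caught as well.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM handler actions have no Execute property; $cmd is then empty
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            if ($cmd -match $pattern) {
                [pscustomobject]@{
                    Source   = 'Scheduled task'
                    Name     = $task.TaskPath + $task.TaskName
                    Command  = $cmd
                    Author   = $task.Author
                    Triggers = ($task.Triggers |
                        ForEach-Object { $_.CimClass.CimClassName }) -join ', '
                }
            }
        }
    }

    # 2. Run/RunOnce registry keys (machine-wide and current user)
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ($value -match $pattern) {
                [pscustomobject]@{
                    Source = $key; Name = $name; Command = $value
                    Author = ''; Triggers = 'logon'
                }
            }
        }
    }
}

Find-RegExeAutostart | Format-List
```

A match only tells you where reg.exe is being started from. Read the full command to see which registry value it touches, and check the task author or installing software before deciding whether it is benign.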

Conclusion

As you can see, in my case reg.exe was simply a remnant of the Asus Hotplug Controller for my laptop.
