Location:
State:
Carrier
Country
Status

Way to find out what activated my cmd window?


I had just logged on to the Internet today and was getting ready to start "surfing" and my CMD window came up and closed before I could read what was activating it. Any way to see a log history of CMD windows? I want to know what it was. I don't like this.... could be innocent but maybe not.

When you saw this, Did you log onto your computer or did you open a Browser? If you opened a browser, then you may have addons or extensions that are starting. It could be malware.
What Browser are you using? Check your addons, plugins, and extensions for unknown programs: How to check and configure your browser plugins - TechRepublic

Maybe event viewer has some options for you:

Don't know if this actually works for viewing "system generated CMDs" as well but the Doskeycmd can recall the history of manually entered commands:

Doskey will show the history of commands entered in the current cmd window. But it won't tell you anything of when or why that window was opened. Windows does not maintain any log of when cmd windows are opened. Event viewer may reveal the cause indirectly but that is a long shot. Typically cmd windows come and go without leaving any traces.

I cant remember if I was bringing CyberFox up or not when this happened. I did take a photo shot of my Admin Event Viewer on the day it happened. I guess not really telling a whole lot. A "CMD history" addition to Windows would be nice, so when this happens we could go back and see what it was.
 

I could never make much sense of event viewer myself but then again- I never really needed it nor was I curious about it. As @LMiller7ruled out the Doskey option I have no idea how to investigate further, other than indeed checking logs and digging into it.

You could however also "tackle" this from another angle. I suppose your main concern is an infection. If you run a couple of Antivirus /Malware scans or use Hijackthis you can rule out that scenario.

I doubt that looking in the event logs will tell you much. It would require a detailed analysis of many entries and there likely is nothing relevant there anyway.

It is true that a log of cmd window openings could be useful. But how useful is questionable.

Microsoft receives huge numbers of feature requests. Many, for various reasons, could not be reasonably implemented. Many others would be of little general value. But there are still large numbers of features that would be of genuine value and could be reasonably implemented. But the sheer number of them is a problem. Implement even a small fraction of them and Windows would become a monstrosity that nobody would want to use. As a result Microsoft must carefully consider the value of a proposed feature against the costs, and this is far more than just time and money. Many useful features just don't make the cut. Maybe they will appear in a later version, or not.

If you are concerned about malware be aware that modern malware is very good at hiding it's tracks. It is fully capable of deleting log entries that might reveal it's presence, of preventing them from entering the log in the first place, or even falsifying it's contents. Considering the other things that malware does this isn't particularly difficult. Malware authors are experts on Windows internal workings, knowing far more than is in the official documentation.

This was something you shouldnt even bother about.. In order to check what it was .. go to task scheduler and check what was the scheduled task at that time.

Way to find out what activated my cmd window?