What is "powershell.exe -noexit -command Set-Location '%V'"?

Question

Greetings!

I am trying to find information about Powershell and this Startup Script that shows up on CCleaner.

I have searched my system for malware, virus and problems. All Clean.

What I can read about this context script in my startup powershell.exe -noexit -command Set-Location '%V',

is that it's a malware and shouldn't be there.

In the regedit, the shell had the value of @shell32.dll,-8508

Is this value from Windows or any confirmed malware?

Can anyone please assist me in what this is before I start to mess around with my regedit?

Is this just fine, or something that should get removed?

My system is Win 10, 64Bit

Thanks!

--Jonas the Swedish Goth

***Post moved by the moderator to the appropriate forum category.***

Answer 1

Well, I've got very similar registry keys in a fairly clean install of Win 10, v1703 (Creators Update). This leads me to believe you are fairly normal in that regard. However, Autoruns does not show it is a startup item...

(1) Are you sure CCleaner is saying that it runs at startup? I would take Autoruns to see whether that is verified. Let me know, if you are confused installing it...

https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx?f=255&MSPPError=-2147217396

Autoruns for Windows v13.71

(2) I'm not absolutely positive, but I think "***powershell.exe -noexit -command Set-Location '%V'"***is just opening a PowerShell prompt at a directory that is passed to it. The prompt will stay open, due to "-noexit". Do you see that at startup?

EDIT: This is what that does: Hold SHIFT, & R-Clk any folder in File Explorer...

Answer 2

You are welcome. Keep it! Did you see the edit in my post? It's a built-in feature of Windows.

Answer 3

Hi Jonas,

Based on the details that you have shared, it looks like the script is a result of a registry error. It would be best if you don't make any changes yet to the registry because it may cause more issues.  To help us determine the solution, we'd like to ask for additional information. Please answer the following:

• Have you made recent changes or installed updates before the context script appeared?
• Can you please provide a screenshot of the context script?

For initial troubleshooting, we recommend running System File Checker and DISM to repair the registry and corrupted system files. To check the steps, check this Wiki article: System file check (SFC) Scan and Repair System Files & DISM to fix things SFC cannot.

We will wait for your quick response.

Answer 4

Hello and thanks for your reply!

I know enough about Regedit to know that you never ever touch it, unless you know 100% sure about what you are doing! I only use CCleaner.

• Have you made recent changes or installed updates before the context script appeared?

This Powershell path has been in the context for a few months. I wanted to know what it was, but can't find any proper info about it. There are a few posts about the exact same Powershell Script and Regedit Value.

My concern is what this Powershell is doing, and where it come from? Also, I cant edit the powershell in Regedit, or disable it.

Apart from Windows updates, and STEAM updates, nothing has been changes/installed/removed from my system lately.

I will try the System File Checker! Thanks for the suggestion! =)

Here are my screenshots:

Thanks for your help!

Answer 5

Mr PCR, you made me stop being paranoid about this! Thank you!

I still find posts stating its a malware, but not from any professionals.

Do you know how to remove the damn thing by any chance? I've beat my head against this in regedit with Permissions, but cant find where to give myself the right to remove it.

Or is there a reason why I shouldn't remove it?

I still like to know what it is =).