
I got click-baited and stupidly installed malware packages yesterday. Today I found out it even contaminated my Windows startup service, so I went on and started cleaning things.

One thing I noticed is that when I run (Win+R) shell:startup, it redirected me to a directory where malware files once were. So I deleted the directory, but I feel like I have to fix that global variable too.

*update: My taskmngr's start program tab is now empty.

What is "shell:startup" and where can I fix its content path?

Lunartist

1 Answer

Answering your question:

Go to Registry Editor (Win+R and type regedit, then press Enter)

Follow this path:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Find the Startup string, right click on it and modify the path with the correct one:

%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


To modify the startup path for all users, you have to edit the Common Startup string at this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

The default location is:

%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup

Please remember to restart your device afterwards.


You should also check out this:

How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?
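
A read-only check of the two values named in the answer above, as an added example that is not part of the original answer: it reads each stored string without expanding it, compares it to the default quoted in the answer, and lists what currently sits in the folder it points to. The helper name `Resolve-ShellPath` and the output field names are made up for this example.

```powershell
# Added example: audit the Startup shell-folder values against the defaults
# quoted in the answer. It only reads the registry; nothing is modified.
$checks = @(
    @{ Key     = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
       Name    = 'Startup'
       Default = '%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' },
    @{ Key     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
       Name    = 'Common Startup'
       Default = '%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup' }
)

# Hypothetical helper: expand %VAR% references and drop a trailing backslash
# so that two spellings of the same folder compare as equal.
function Resolve-ShellPath([string]$Path) {
    [Environment]::ExpandEnvironmentVariables($Path).TrimEnd('\')
}

$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

foreach ($c in $checks) {
    $raw = $null
    $regKey = Get-Item -LiteralPath $c.Key -ErrorAction SilentlyContinue
    if ($regKey) {
        # Read the string exactly as stored, with %VAR% left unexpanded.
        $raw = $regKey.GetValue($c.Name, $null, $noExpand)
    }

    $files = @()
    if (-not $raw) {
        $status = 'MISSING'
    } elseif ((Resolve-ShellPath $raw) -ieq (Resolve-ShellPath $c.Default)) {
        $status = 'default'
    } else {
        $status = 'CHANGED'
    }

    if ($raw) {
        # Show what would be launched at logon from the folder the value points to.
        $files = @(Get-ChildItem -LiteralPath (Resolve-ShellPath $raw) -Force -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty Name)
    }

    [pscustomobject]@{
        Value  = $c.Name
        Stored = $raw
        Status = $status
        Files  = $files -join ', '
    }
}
```

A `CHANGED` or `MISSING` status marks the value to correct in Registry Editor as described in the answer; any unexpected name under `Files` is worth inspecting before the next logon.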