Question Suspicious/Malicious? StopProc.bat in root C:

Jul 19, 2022
4
0
10
0
Hey all, first-time poster, long-time googler. Thanks for being reliable when I add "toms hardware" to the end of my tech support google searches.

Just picked up a Dell Latitude from Microcenter and started prepping it for use by my company. When I opened root C: in File Explorer, I saw an eye-catching file: StopProc.bat

Opening in a text editor shows just 1 line of this script: TASKKILL /F /IM RunDll32.exe

This batch script is not in startup items or Task Scheduler from what I can see.

I've seen this same batch script on another Dell Latitude that I was troubleshooting last year, but I deleted it instead of looking into it further. This laptop is fresh out of the box from Microcenter, but ASTSYS, a Canadian refurbisher from the looks of it, has their support contact information on the bottom of the laptop. I'll be reaching out to them if we're all stumped here, and I'll update the post with what I hear back.

Any ideas why they would even run this in the first place, yet alone leave it on a refurbished PC to be resold?
 
Jul 19, 2022
4
0
10
0
Full wipe and reinstall of the OS.

Why did Microcenter leave it there?
Because they did not do that wipe and reinstall.
I've seen this from other big box stores. Even after asking point blank if they did that. "Oh yes sir. We always do, every time."
No, they did not.
I was thinking that it was ASTSYS that did this refurb. If I've seen this script on 2 Dell Latitudes so far, it's probably no coincidence. Why would they find it necessary to kill RunDLL32.exe, assumingly on startup, at all?
 
Thread starter Similar threads Forum Replies Date
N Windows 10 14

ASK THE COMMUNITY