Skip to main content



Usoclient.exe Command window popup

One of my juniors complained me that his system behaves weird today. He told me a command window popup mentioned as usoclient.exe from the system32 location (that is easily seen in the title bar). I convinced him this is a legitimate process only no need to worry about. In case if the same process run from some other location like temp folder, app data then it could be malicious. For a normal user, if a command window popped and closing will give the feel of malware is running in the system. If you also got the same usoclient.exe in the command window popup and closed, no need to worry about it. 

Open the administrative tools in the control panel, you can find the task scheduler file. I asked him to open that where he can find usoclient.exe under Microsoft->Windows->UpdateOrchestrator.

Usoclient is a legitimate process if you see it in windows/system32 folder. If it is running in suspicious location then we can flag that process as malicious one. 

Post by newWorld

Latest Posts

EKFiddle team updated regex for drive by Mining via Drupal attack

Phishing campaign - Netflix

Bug Hunter's Notepad

Details of Lokibot - Malspam

Interesting File in VT:

Microsoft Patch Tuesday for April 2018:

Analysis of Potentially Unwanted Application

Is it possible for internet service provider to serve popup ads in the user machine?

Analysis of Foreign Ransomware

Analysis of New variant of Ransomware in Development stage

Google Plus: