Fix 'Get-AppxPackage' popup on login

x BlueRobot · Feb 1, 2024

Thanks, could please disable ESET from starting at login?

Code:

C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -Command if (((Get-AppxPackage -Name 'EsetContextMenu').length -ne '1') -Or ((Get-AppxPackage -Name 'EsetContextMenu').version -ne '10.39.35.0')) { Get-AppxPackage -Name 'EsetContextMenu' | Remove-AppxPackage; Add-AppxPackage -Path 'C:\Program Files\ESET\ESET Security\EsetContextMenu.msix' -ExternalLocation 'C:\Program Files\ESET\ESET Security\' }

Let me know if that makes any difference.

Alicia J · Feb 1, 2024

I paused ESET and here is the result:

opyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! Migrating from Windows PowerShell 5.1 to PowerShell 7 - PowerShell

PS C:\WINDOWS\system32> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -Command if (((Get-AppxPackage -Name 'EsetContextMenu').length -ne '1') -Or ((Get-AppxPackage -Name 'EsetContextMenu').version -ne '10.39.35.0')) { Get-AppxPackage -Name 'EsetContextMenu' | Remove-AppxPackage; Add-AppxPackage -Path 'C:\Program Files\ESET\ESET Security\EsetContextMenu.msix' -ExternalLocation 'C:\Program Files\ESET\ESET Security\' }

Alicia J · Feb 1, 2024

I still get the same pop up with ESET paused.

x BlueRobot · Feb 2, 2024

You need to stop it from loading at login, I'm not sure what you mean exactly by "paused"?

Code:

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v egui /f

Please reboot the computer and then run the following command to ensure that it is gone:

Code:

reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Alicia J · Feb 2, 2024

I’ll do this when I have access to PC later today.

Alicia J · Feb 2, 2024

First command results:
indows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! Migrating from Windows PowerShell 5.1 to PowerShell 7 - PowerShell

PS C:\WINDOWS\system32> reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v egui /f
>>
ERROR: Access is denied.
PS C:\WINDOWS\system32>

Alicia J · Feb 2, 2024

I think there's a driver involved in denying access. Can I disable the eset service with autoruns64.exe?

Alicia J · Feb 3, 2024

I used autorun to stop service (unchecked) and ran command.

Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! Migrating from Windows PowerShell 5.1 to PowerShell 7 - PowerShell

PS C:\WINDOWS\system32> C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -Command if (((Get-AppxPackage -Name 'EsetContextMenu').length -ne '1') -Or ((Get-AppxPackage -Name 'EsetContextMenu').version -ne '10.39.35.0')) { Get-AppxPackage -Name 'EsetContextMenu' | Remove-AppxPackage; Add-AppxPackage -Path 'C:\Program Files\ESET\ESET Security\EsetContextMenu.msix' -ExternalLocation 'C:\Program Files\ESET\ESET Security\'

Now I will reboot.

Alicia J · Feb 3, 2024

THat did not fix the issue of the pop up window.

Alicia J · Feb 3, 2024

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! Migrating from Windows PowerShell 5.1 to PowerShell 7 - PowerShell

PS C:\WINDOWS\system32> reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v egui /f
ERROR: Access is denied.
PS C:\WINDOWS\system32> reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v egui /f

x BlueRobot · Feb 4, 2024

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download the attached fixlist.txt and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Alicia J · Feb 4, 2024

I don't see a fixlist.txt to download. Never mind! You mean the one you provided. Sorry.

Alicia J · Feb 4, 2024

Here it is. (I think I ran it twice).

x BlueRobot · Feb 4, 2024

Hmm, looks like ESET has protected that key so it can't be deleted. Could you please boot into Safe Mode and then run the FRST script from there or disable ESET from running at startup, there may be a setting within ESET itself which should control that.

Alicia J · Feb 4, 2024

I’ll check the GUI again for a place to stop from running at startup. I’m assuming safe mode in windows 11 is similar to 10.

Alicia J · Feb 4, 2024

I already tried to uncheck the real time protection. That didn't made a difference. I don't see any other option in the app itself.

I ran the FRST script in safe mode. Attached is the results.

Alicia J · Feb 4, 2024

I did try a shut down and then restarted the system just to see, I still have the pop up window.

x BlueRobot · Feb 5, 2024

Thanks, it looks like that the value was successfully removed, however, let's just double check to see it hasn't been added back after you booted up.

Code:

reg query  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v egui

Alicia J · Feb 5, 2024

indows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Install the latest PowerShell for new features and improvements! Migrating from Windows PowerShell 5.1 to PowerShell 7 - PowerShell

PS C:\WINDOWS\system32> reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v egui

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
egui REG_SZ "C:\Program Files\ESET\ESET Security\ecmdS.exe" /run /hide /proxy

PS C:\WINDOWS\system32>
PS C:\WINDOWS\system32>

x BlueRobot · Feb 5, 2024

It looks like ESET has added that registry value back, which I suspected would be the case, please remove ESET completely - at least for troubleshooting purposes - using the ESET removal tool: [KB2289] Manually uninstall your ESET product using the ESET uninstaller tool

Once that has run, please reboot the machine and then check for the same registry value again using the command posted in post #39. If it still exists, then please run the FRST script from earlier in Safe Mode and then reboot back into Windows as you normally would.

Fix 'Get-AppxPackage' popup on login

Account Closed

My Computer

Well-known member

My Computers

Well-known member

My Computers

Account Closed

My Computer

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Well-known member

My Computers

Account Closed

Attachments

My Computer

Well-known member

Attachments

My Computers

Well-known member

Attachments

My Computers

Account Closed

My Computer

Well-known member

My Computers

Well-known member

Attachments

My Computers

Well-known member

My Computers

Account Closed

My Computer

Well-known member

My Computers

Account Closed

My Computer

Similar threads