Solved

Cannot run cmd or regedit

Posted on 2009-04-06
7
1,234 Views
Last Modified: 2012-05-06
Clicking Start Run and then typing in cmd or regedit seem to reset explorer.  Everything goes away and then comes back.  IE won't stay lit either.
Any registry settings that I should check?
XP Pro w/SP3
0
Comment
Question by:classnet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 14

Expert Comment

by:theras2000
ID: 24082363
Sounds like something needs repairing.  Try typing in 'sfc /checknow' into the Run box (requires the Win CD) to repair some system files.
0
 

Author Comment

by:classnet
ID: 24082524
Yeah...  I tried an inplace repair.  You get to a point where you enter the key and  then several minutes later a portion of the repair starts over and you're entering the key again.  Endless loop.
Ran sfc to no avail.
Can't boot to a PE CD... not enough RAM.
0
 
LVL 14

Expert Comment

by:theras2000
ID: 24084542
Bugger.  The lack of RAM for PE sounds odd.
Have you looked through the Event Logs.  You should be able to see some errors or codes that can lead you on a path of googling to see what is causing the mini-crashing.
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
LVL 23

Expert Comment

by:Mohamed Osama
ID: 24091348
Could also mean malware infection, some malware will disable regedit,CMD,Task manager,etc..
Downoad Malwarebytes anti-malware, Install, update & run a full scan.
also showing us a hijack this log can help.
finally it may also be a good idea to run an online scan at Kaspersky Online , Please post back any logs .

0
 
LVL 1

Accepted Solution

by:
flucto earned 500 total points
ID: 24188406
There's an as-yet unrecognized virus/malware that grabs the "aux" entry under

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

or in some cases adds an aux2=

The malware entry will generally be a random file in your \windows directory

the aux entry should be C:\windows\system32\wdmaud.drv or simply wdmaud.drv

to gain access to the registry, press ctrl+del, run task manager, kill the process for windows explorer, then use the task manager "run" option to run "regedit" (you'll be able to run cmd at this point too)

fix the registry entry, make sure you find and delete the malware file too.  You may well experience other issues but at least this should kill the malware.
0
 

Author Closing Comment

by:classnet
ID: 31567281
Thanks!
0
 

Expert Comment

by:visionmn2
ID: 24368046
We also had this issue and this was the resolution - Thank you!
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TCP Chat/GPS application security thru firewall 4 55
Virus detection 6 46
best opensource encryption 9 65
Exchange 2010 certificate warning. 5 36
There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question