Solved

CMD.EXE and REGEDIT don't work

Posted on 2009-04-14
Last Modified: 2013-11-22
I have a Dell laptop running Windows XP Media Center with SP3 installed.  There is wireless connectivity to a Verizon FIOS modem/router using WEP security.  (I know it needs to be changed to WPA2).  Here is the problem with supporting information:

1. Neither CMD.EXE nor REGEDIT.EXE will run from Start > Run.  (They appear to start then just disappear.)
  a.  I can, however, run COMMAND.COM and then run CMD.EXE within that.  
  b.  I can "jump" to REGEDIT from a registry link within AutoRuns.  
2. Unlike other people here on Experts Exchange with a similar problem, I can run both MSCONFIG.EXE and TASKMGR.EXE.
3. When I plug a known good Ethernet cable from the FIOS router to the laptop, there is no connection.
   a. The numbered Ethernet light on the FIOS router doesn't light and the wired network icon in the system tray shows as "unplugged".
   b. However, when running in Safe Mode with Networking, the router lights and tray icon display properly.
4. When I click on a "search engine results" link in a browser (either IE7 or Firefox), I get redirected to some other site, but when I paste the link directly into the browser's address bar, I go to the correct site.
5. I ran a check for the Conficker worm/virus at  http://www.confickerworkinggroup.org and it came out negative.
6. I ran a full Trend-Micro anti-virus scan and it revealed no viruses.
7. I ran a full MalwareBytes scan and it removed some questionable registry entries, but nothing else.
8. I ran both F-Secure Blacklight and Sysinternals (Microsoft) RootKit Revealer.  Neither showed anything out of the ordinary.
Does anyone have any ideas as to what this may be and how to remove it?
Thanks.
Michael
0
Comment
Question by:msklein
16 Comments
 
LVL 20

Expert Comment

by:MightySW
ID: 24139401
Hi,
Run SFC /scannow from start, run.  

You will need the XP CD.

http://www.updatexp.com/scannow-sfc.html

HTH
0
 

Author Comment

by:msklein
ID: 24139515
I tried to run SFC /scannow, but it asks for the Windows XP Media Center SP3 CD.  The upgrade to SP3 was done through Windows Update, so I don't have an SP3 CD.  Suggestions?
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24139551
Did you try to just insert the original CD?
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24139559
If that works then install SP3 after SFC completes.

Either that or reinstall SP3 and see if that does the trick.
0
 
LVL 13

Expert Comment

by:myderrick
ID: 24140220
Download CCleaner - http://www.ccleaner.com/ and run and after download hijackthis - http://www.spychecker.com/program/hijackthis.html or http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download and run after the ccleaner.

Good luck

MD
0
 
LVL 4

Expert Comment

by:jason_woods
ID: 24140706
Another option is MalwareBytes:
http://malwarebytes.org/
 It can install and run in safe mode as well as update (highly recommended).
0
 
LVL 17

Expert Comment

by:houssam_ballout
ID: 24140794
0
 

Accepted Solution

by:
msklein earned 0 total points
ID: 24143311
Although none of the replies solved the problem, I thank all of you for trying.  After much research, I found the exact problem along with the solution at http://www.bleepingcomputer.com/forums/topic211718.html.  I suggest you all take a look as this virus/malware/trojan is quite tricky.  It installs as a randomly named drive in the C:\Windows folder and can be found by checking the Registry entry cited in the solution link above.  It isn't currently detected by Malwarebytes, Spybot, Trend-Micro PC-Cillin, or any other major anti-malware/anti-virus product.  Fortunately, it's more of an annoyance than anything else.
Thanks again for your efforts.  No points will be awarded.
0
 
LVL 4

Expert Comment

by:jason_woods
ID: 24143347
Glad it worked.
Please close the thread by accepting your comment.
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24143468
I object.  Both Jason and Houssam both were on that it was malware.  Houssam even gave you the site to try.  Please accept Houssam's answer and give assist to Jason.

Thanks
0
 

Author Comment

by:msklein
ID: 24144262
MightySW, if you re-read my initial post, you'll note that in item #7 I mentioned that I had already run Malwarebytes.  As for Houssam's suggesting combofix, although it happened to be on the site for the reference I cited, the actual solution came from the Sysinternals forum http://forum.sysinternals.com/forum_posts.asp?TID=18420.  I found that post by Googling "CMD.EXE and REGEDIT don't work".  The author of that post references the bleepingcomputer post, so I felt the original author deserved the citation.  Finally, all references to using combofix are quite emphatic that it should not be used without the guidance of a HijackThis expert.
0
 
LVL 4

Expert Comment

by:jason_woods
ID: 24144310
Not to push the issue too far, but are you saying that Malwarebytes, fully updated and running in safe mode, did not find this?
Was the only fix for it to use HiJackThis and manually remove the file listed?
Did any other utility find anything?

This post will be quite useless for others to read without knowing the steps you took. If the only steps were to talk to a sysinternals guide then, please, let us know.
0
 

Author Comment

by:msklein
ID: 24144415
Jason,
Yes, that's exactly what I'm saying.  Malwarebytes, fully updated and running in safe mode, did not find this; nor did the latest versions of Spybot Search & Destroy and Trend Micro PC-Cillin.  After finding the post(s) cited, I did the following:
1. I ran Sysinternals AutoRuns and clicked on a Registry entry displayed to run Regedit.
2. I navigated to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] and checked the "aux" and "aux1" value strings.  The aux1 had a "funny" value in it, with strange letters and a strange extension, so I deleted it.
3. I ran HijackThis, clicked on the "Open the Misc Tools section", clicked on the "Delete a file on reboot..." and selected the file I found in the "aux1" Registry string.
4. I rebooted the computer and everything was fixed.
No other utility found anything and I didn't talk to any Sysinternals guide.  I located a dead-on relevant post in the Sysinternals forum using a Google search.
I hope that clarifies things.
Michael
0
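The manual check in step 2 of the comment above can be repeated over an exported copy of the Drivers32 key. This is an added example, not part of the original thread: the sample export, the `aux1` data and the list of expected extensions are constructed assumptions, and the heuristic flags any value whose data is not a bare file name with a usual driver extension.

```python
import re

# Constructed sample in regedit .reg export format. The aux1 data is a
# made-up stand-in for the "funny" value described in the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"wave"="wdmaud.drv"
"aux"="wdmaud.drv"
"msacm.msadpcm"="msadp32.acm"
"vidc.cvid"="iccvid.dll"
"aux1"="..\\qzxvbk.wjf"
'''

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
# Assumption: extensions normally seen for multimedia drivers under this key.
EXPECTED_EXT = {".dll", ".drv", ".acm", ".ax"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_drivers32(reg_text):
    """Return {value_name: data} for string values under the Drivers32 key."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == KEY.lower()
        elif in_key and (m := VALUE_RE.match(line)):
            values[unescape(m.group(1))] = unescape(m.group(2))
    return values

def suspicious_entries(values):
    """Flag data that is not a bare file name with an expected extension."""
    findings = {}
    for name, data in values.items():
        reasons = []
        if re.search(r'[\\/:]', data):
            reasons.append("contains a path, not a bare file name")
        ext = "." + data.rsplit(".", 1)[-1].lower() if "." in data else ""
        if ext not in EXPECTED_EXT:
            reasons.append(f"unexpected extension {ext!r}")
        if reasons:
            findings[name] = (data, reasons)
    return findings
```

A flagged value is only a lead: legitimate third-party codecs can register full paths here, so compare findings against an export from a known-good machine before deleting anything.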
 
LVL 20

Expert Comment

by:MightySW
ID: 24148866
Nice fix.  

Thanks for the clarification.

Please close again and I will not object this time :)

Have a nice day!
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24148883
4) PAQ refund if the Asker answered his/her own question
0
