Solved

CMD.EXE and REGEDIT don't work

Posted on 2009-04-14
Last Modified: 2013-11-22
I have a Dell laptop running Windows XP Media Center with SP3 installed.  There is wireless connectivity to a Verizon FIOS modem/router using WEP security.  (I know it needs to be changed to WPA2).  Here is the problem with supporting information:

1. Neither CMD.EXE nor REGEDIT.EXE will run from Start > Run.  (They appear to start then just disappear.)
  a.  I can, however, run COMMAND.COM and then run CMD.EXE within that.  
  b.  I can "jump" to REGEDIT from a registry link within AutoRuns.  
2. Unlike other people here on Experts Exchange with a similar problem, I can run both MSCONFIG.EXE and TASKMGR.EXE.
3. When I plug a known good Ethernet cable from the FIOS router to the laptop, there is no connection.
   a. The numbered Ethernet light on the FIOS router doesn't light and the wired network icon in the system tray shows as "unplugged".
   b. However, when running in Safe Mode with Networking, the router lights and tray icon display properly.
4. When I click on a "search engine results" link in a browser (either IE7 or Firefox), I get redirected to some other site, but when I paste the link directly into the browser's address bar, I go to the correct site.
5. I ran a check for the Conficker worm/virus at  http://www.confickerworkinggroup.org and it came out negative.
6. I ran a full Trend-Micro anti-virus scan and it revealed no viruses.
7. I ran a full MalwareBytes scan and it removed some questionable registry entries, but nothing else.
8. I ran both F-Secure Blacklight and Sysinternals (Microsoft) RootKit Revealer.  Neither showed anything out of the ordinary.
Does anyone have any ideas as to what this may be and how to remove it?
Thanks.
Michael
Question by:msklein
16 Comments
 
LVL 20

Expert Comment

by:MightySW
ID: 24139401
Hi,
Run SFC /scannow from start, run.  

You will need the XP CD.

http://www.updatexp.com/scannow-sfc.html

HTH
0
 

Author Comment

by:msklein
ID: 24139515
I tried to run SFC /scannow, but it asks for the Windows XP Media Center SP3 CD.  The upgrade to SP3 was done through Windows Update, so I don't have an SP3 CD.  Suggestions?
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24139551
Did you try to just insert the original CD?
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24139559
If that works then install SP3 after SFC completes.

Either that or reinstall SP3 and see if that does the trick.
0
 
LVL 13

Expert Comment

by:myderrick
ID: 24140220
Download CCleaner - http://www.ccleaner.com/ and run it, then download HijackThis - http://www.spychecker.com/program/hijackthis.html or http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download and run it after CCleaner.

Good luck

MD
0
 
LVL 4

Expert Comment

by:jason_woods
ID: 24140706
Another option is MalwareBytes:
http://malwarebytes.org/
 It can install and run in safe mode as well as update (highly recommended).
0
 
LVL 17

Expert Comment

by:houssam_ballout
ID: 24140794
0

 

Accepted Solution

by:
msklein earned 0 total points
ID: 24143311
Although none of the replies solved the problem, I thank all of you for trying.  After much research, I found the exact problem along with the solution at http://www.bleepingcomputer.com/forums/topic211718.html.  I suggest you all take a look as this virus/malware/trojan is quite tricky.  It installs as a randomly named drive in the C:\Windows folder and can be found by checking the Registry entry cited in the solution link above.  It isn't currently detected by Malwarebytes, Spybot, Trend-Micro PC-Cillin, or any other major anti-malware/anti-virus product.  Fortunately, it's more of an annoyance than anything else.
Thanks again for your efforts.  No points will be awarded.
0
 
LVL 4

Expert Comment

by:jason_woods
ID: 24143347
Glad it worked.
Please close the thread by accepting your comment.
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24143468
I object.  Both Jason and Houssam were on that it was malware.  Houssam even gave you the site to try.  Please accept Houssam's answer and give assist to Jason.

Thanks
0
 

Author Comment

by:msklein
ID: 24144262
MightySW, if you re-read my initial post, you'll note that in item #7 I mentioned that I had already run Malwarebytes.  As for Houssam's suggesting combofix, although it happened to be on the site for the reference I cited, the actual solution came from the Sysinternals forum http://forum.sysinternals.com/forum_posts.asp?TID=18420.  I found that post by Googling "CMD.EXE and REGEDIT don't work".  The author of that post references the bleepingcomputer post, so I felt the original author deserved the citation.  Finally, all references to using combofix are quite emphatic that it should not be used without the guidance of a HijackThis expert.
0
 
LVL 4

Expert Comment

by:jason_woods
ID: 24144310
Not to push the issue too far, but are you saying that Malwarebytes, fully updated and running in safe mode, did not find this?
Was the only fix for it to use HiJackThis and manually remove the file listed?
Did any other utility find anything?

This post will be quite useless for others to read without knowing the steps you took. If the only steps were to talk to a sysinternals guide then, please, let us know.
0
 

Author Comment

by:msklein
ID: 24144415
Jason,
Yes, that's exactly what I'm saying.  Malwarebytes, fully updated and running in safe mode, did not find this; nor did the latest versions of Spybot Search & Destroy and Trend Micro PC-Cillin.  After finding the post(s) cited, I did the following:
1. I ran Sysinternals AutoRuns and clicked on a Registry entry displayed to run Regedit.
2. I navigated to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] and checked the "aux" and "aux1" value strings.  The aux1 had a "funny" value in it, with strange letters and a strange extension, so I deleted it.
3. I ran HijackThis, clicked on the "Open the Misc Tools section", clicked on the "Delete a file on reboot..." and selected the file I found in the "aux1" Registry string.
4. I rebooted the computer and everything was fixed.
No other utility found anything and I didn't talk to any Sysinternals guide.  I located a dead-on relevant post in the Sysinternals forum using a Google search.
I hope that clarifies things.
Michael
0
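Added example, not part of the original thread: the manual check in step 2 above, done offline against a `.reg` export of the Drivers32 key. The extension allowlist is an assumption about what normal multimedia driver entries look like, and the sample export (including the `aux1` data) is constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
# Assumption: extensions normally seen on multimedia driver entries in this key.
EXPECTED_EXTS = {".drv", ".dll", ".acm", ".ax"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export format; the aux1 data is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"
"aux1"="C:\\WINDOWS\\qzxvbt.kjw"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"aux1"="unrelated.bin"
'''

def parse_reg_values(reg_text, key=KEY):
    """Return {name: data} for the string values under `key` only."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):          # a new key section begins
            in_key = line.strip("[]").lower() == key.lower()
            continue
        m = VALUE_RE.match(line)
        if in_key and m:
            # .reg files escape backslashes and quotes with a backslash
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            values[name] = data
    return values

def audit_drivers32(values):
    """Return (name, data, reasons) for entries that deserve a manual look."""
    findings = []
    for name, data in sorted(values.items()):
        path, reasons = PureWindowsPath(data), []
        if path.suffix.lower() not in EXPECTED_EXTS:
            reasons.append("unexpected extension " + repr(path.suffix))
        if len(path.parts) > 1:
            reasons.append("explicit path instead of a bare file name")
        if reasons:
            findings.append((name, data, reasons))
    return findings

if __name__ == "__main__":
    for name, data, reasons in audit_drivers32(parse_reg_values(SAMPLE_EXPORT)):
        print(f"{name} = {data}: {'; '.join(reasons)}")
```

Exports written by Regedit in the "Version 5.00" format are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `parse_reg_values`.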
 
LVL 20

Expert Comment

by:MightySW
ID: 24148866
Nice fix.  

Thanks for the clarification.

Please close again and I will not object this time :)

Have a nice day!
0
 
LVL 20

Expert Comment

by:MightySW
ID: 24148883
4) PAQ refund if the Asker answered his/her own question
0
