Cannot Run CMD, Regedit or reged32 from Start Run
I have 3 machines on a network having this problem. If i try to run any of the above the Desktop goes blank then the icons reappear. Seems to be some sort of Virus or Spyware as it has spread to 3 machines.
I have run superantispyware, it comes up relavtivly clean only a few adware cookies. Same problem happens in safe mode.
Ran Symantec antivirus, comes up clean. Can get into the registry using a third party registry editor but the usally suspects appear clean.
Ran CCleaner - Nothing, reinstalled SP 3 - still same problem.
Installed the lastest version of AVG and ran scan with that, still comes up clean.
Super Antispyware not allowed to update, tells me the firewall is stopping it, but the firewall on the machine is disabled. We have a corporate firewall which is not blockig access to the site.
I can run Command from the Start Run menu.
Hijackthis comes up ok.
Tried to rename cmd.exe to oldcmd.exe but a new copy appears straight away. The version on the machine is the same size as the version on the xp cd.
Any ideas, when it was just one machine I was going to reinstall XP but cant now with it spreading.
I have run superantispyware, it comes up relavtivly clean only a few adware cookies. Same problem happens in safe mode.
Ran Symantec antivirus, comes up clean. Can get into the registry using a third party registry editor but the usally suspects appear clean.
Ran CCleaner - Nothing, reinstalled SP 3 - still same problem.
Installed the lastest version of AVG and ran scan with that, still comes up clean.
Super Antispyware not allowed to update, tells me the firewall is stopping it, but the firewall on the machine is disabled. We have a corporate firewall which is not blockig access to the site.
I can run Command from the Start Run menu.
Hijackthis comes up ok.
Tried to rename cmd.exe to oldcmd.exe but a new copy appears straight away. The version on the machine is the same size as the version on the xp cd.
Any ideas, when it was just one machine I was going to reinstall XP but cant now with it spreading.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try to boot from a cd with utilities (Hiren's boot cd) and scan machine http://www.9down.com/Hiren-s-BootCD-9-8-Keyboard-Patch-73110/.
hirens cd is illegal - should not be recommended on EE
i suggest running ALL these :
Spybot : http://www.download.com/3000-8022-10122137.html
MBAM : http://www.malwarebytes.org/mbam.php
http://housecall.trendmicro.com/ online scan for trojans
http://www.spychecker.com/program/hijackthis.html download
http://www.hijackthis.de/index.php?langselect=english check the logfile
i suggest running ALL these :
Spybot : http://www.download.com/3000-8022-10122137.html
MBAM : http://www.malwarebytes.org/mbam.php
http://housecall.trendmicro.com/ online scan for trojans
http://www.spychecker.com/program/hijackthis.html download
http://www.hijackthis.de/index.php?langselect=english check the logfile
ASKER
Thanks Houssam, that solved it. Have done two machines now going to do the last one. thanks for your help
you are most welcome mate