novaguy
asked on
can't run regedit or cmd
I too cannot run regedit or cmd
Desktop goes blank for a second, then refreshes
Noticed that several programs that normally sit in system tray aren't starting, but can be manually started. This includes Norton Security.
I've run a boatload of registry cleaners and virus scanners - everything is clean
No policies are enabled
I found a 3rd party regeditor that works. Using that, I found nothing in the way of DisableRegistryTools or DisableCMD
Previous post regarding this subject concluded reload the OS - not a good option
I assume you can't run them from "c:\<windir>\system32\" either, correct?
There's an as-yet unrecognized virus/malware that grabs the "aux" entry under
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
or in some cases adds an aux2=
The malware entry will generally be a random file in your \windows directory
the aux entry should be C:\windows\system32\wdmaud.drv or simply wdmaud.drv
to gain access to the registry, press ctrl+del, run task manager, kill the process for windows explorer, then use the task manager "run" option to run "regedit" (you'll be able to run cmd at this point too)
fix the registry entry, make sure you find and delete the malware file too. You may well experience other issues but at least this should kill the malware.
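The check described in the answer above, as an added PowerShell example that is not part of the original thread: it lists `aux*` values under `Drivers32` whose data is not `wdmaud.drv` and reports whether the referenced file exists. The function names and the sample file names are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Flags aux* values under Drivers32 whose
# data is not wdmaud.drv (the expected value stated in the answer above).
$Drivers32 = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32'

function Get-Drivers32Values {
    # Read every value of the live key into a name -> data hashtable.
    $key = Get-Item -LiteralPath $Drivers32
    $values = @{}
    foreach ($name in $key.GetValueNames()) { $values[$name] = $key.GetValue($name) }
    return $values
}

function Find-SuspectAuxEntry {
    param(
        [Parameter(Mandatory = $true)] [hashtable] $Values,
        [string] $WinDir = 'C:\windows'
    )
    $expected = @('wdmaud.drv', "$WinDir\system32\wdmaud.drv")
    foreach ($name in ($Values.Keys | Sort-Object)) {
        if ($name -notmatch '^aux\d*$') { continue }        # aux, aux1, aux2, ...
        $data = ([string]$Values[$name]).Trim()
        if ($expected -contains $data) { continue }         # comparison ignores case
        # A bare file name could live in \windows or \windows\system32.
        if ($data -match '\\') { $paths = @($data) }
        else { $paths = @("$WinDir\$data", "$WinDir\system32\$data") }
        [pscustomobject]@{
            Name       = $name
            Data       = $data
            FilesFound = @($paths | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })
        }
    }
}

# Constructed sample data (hypothetical file names), so the logic can be read offline.
$sample = @{
    aux  = 'kdxqmr.tmp'                      # replaced entry, bare file name
    aux1 = 'wdmaud.drv'                      # expected value
    aux2 = 'C:\windows\system32\wdmaud.drv'  # expected value, full path
    wave = 'wdmaud.drv'                      # not an aux* value, ignored
}
Find-SuspectAuxEntry -Values $sample | Format-Table -AutoSize

# On the affected machine, audit the live key instead.
if (Test-Path -LiteralPath $Drivers32) {
    Find-SuspectAuxEntry -Values (Get-Drivers32Values) -WinDir $env:SystemRoot |
        Format-Table -AutoSize
}
```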
ASKER
combofix fix did the trick