Solved

unable to open command prompt in windows 2003 server

Posted on 2011-09-12
18
676 Views
Last Modified: 2013-11-22
I m unable to open command prompt in windows 2003 server.the command windows just disappears in a second. I am using kaspersky antivirus for file servers.
0
Comment
Question by:vanspanck
  • 7
  • 5
  • 4
  • +1
18 Comments
 
LVL 17

Expert Comment

by:Shanmuga Sundaram
Comment Utility
did you try using the /k option. For example cmd /k
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
Does the Task Manager stay up? Regedit as well? If it were w threat, these two would probably also be blocked from staying up.....

0
 

Author Comment

by:vanspanck
Comment Utility
cmd /k did'nt worked
Both taskmanager and regedit are running in the start --> run window
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
Are you just typing cmd or cmd.exe?
0
 

Author Comment

by:vanspanck
Comment Utility
neither cmd /k nor cmd.exe /k is working.
0
 
LVL 17

Expert Comment

by:Shanmuga Sundaram
Comment Utility
did you check whether cmd.exe exists? or else right click on my computer icon, select properties, click on advanced tab, click on environment variables and find whether you can see the comspec in it as shown in the image and let me know
 CMD
0
 

Author Comment

by:vanspanck
Comment Utility
yes shasunder it has this entry at the location as mentioned above
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
Have you tried copied a clean version of cmd.exe over the current one?  (from either installation disks or i386 directory)
0
 
LVL 17

Expert Comment

by:Shanmuga Sundaram
Comment Utility
please check whether cmd.exe exists in the displayed path. if you are able to find the file in the path then try replacing it as tzucker said
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
If replacing this file works, then you may have some serious problems to deal with next.  Either a user with heightened privileges is messing with you, or (more likely) your server has been compromised.  The former case case is easy - find out who it is and lock them out, the latter is more problematic.  

If you've been compromised, your best solution is to rebuild your server.  If you don't want to do that, at the very least you will need to open a new question here about troubleshooting a compromised 2003 server.  You'll need to start by finding out whether you have a rootkit or not.  See my article on rootkits (http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2245-Anti-rootkit-software.html) for further explanation.  you will probably also need to run several anti-malware apps on it: see younghv's articles:

http://www.experts-exchange.com/Digital_Living/Software/A_1958-MALWARE-An-Ounce-of-Prevention.html
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_5124-Stop-the-Bleeding-First-Aid-for-Malware.html
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_1940-BASIC-MALWARE-TROUBLESHOOTING.html
0
 

Author Comment

by:vanspanck
Comment Utility
1) cmd.exe existsa in the displayed path
2) I  tried copying cmd.exe from another system but it did'nt worked.
3)on deleting it from system32 folder it restores itself from \windows\system32\dllcache folder
4) i am not able to reach dllcache folder for deleting it from there.
5) following entries are shown in startup on doing msconfig(snap shot attached)
6)Two cmd.exe processes are also found running when the system boots up (in taskmanager window)
7) how can the clean version of cmd.exe replaced at both \system32 folder as well as \dll cache folder.


"Bye for now see you tomorrow in the evening"
msconfig-startup.JPG
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
I just looked at my 2003 server and there is no cmd.exe fill in the dllcache folder.  Did you try running one of the free rootkit detectors in my article to see if you have a rootkit?  You might try doing everything using a remote pc and the luser app.  DO NOT RDP in or you'll have the same problems.  Is this server setup with a RAID configuration? Is it RAID 5?

Also there should only be 1 cmd.exe process running
0
 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
Comment Utility
This is my list of startup items:

Caption                      Command                                                               User                
ctfmon.exe                   C:\WINDOWS\system32\ctfmon.exe                                        NT AUTHORITY\SYSTEM  
desktop                      desktop.ini                                                           CA\Administrator    
ctfmon.exe                   C:\WINDOWS\system32\ctfmon.exe                                        CA\Administrator    
ctfmon.exe                   C:\WINDOWS\system32\ctfmon.exe                                        .DEFAULT            
desktop                      desktop.ini                                                           All Users            
bacstray                     C:\Program Files\Broadcom\BACS\BacsTray.exe                           All Users            
Popup                        "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"  All Users            
ccApp                        "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"             All Users            
vptray                       C:\PROGRA~1\SYMANT~1\VPTray.exe                                       All Users            
WD Button Manager            WDBtnMgr.exe                                                          All Users            
Adobe Reader Speed Launcher  "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"             All Users            
Adobe ARM                    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"            All Users            
DWQueuedReporting            "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t                    All Users    
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
Why cant you reach the dllcache folder?
0
 
LVL 17

Accepted Solution

by:
Shanmuga Sundaram earned 50 total points
Comment Utility
better try using SFC. this should help you
0
 

Author Comment

by:vanspanck
Comment Utility
Dear friends,
I tried using "Malawarebytes" antimalaware demo version it detected some malawares which i removed from the system.
At the same time i also copied backup of the dllcache folder to dllcache folder (Did'nt checked immediately after running the antimalaware )
After all this the command prompt prompt was opeining(cmd.exe)
At the same I also tried using sfc then it asked for windows 2003 media. when i inserted the media it gave an error message that unknown media found. I then tried using several other media an drives but it continued giving the same message.
After all this when i tried restoring the sql database i received some strange errors,which are as shown in the snapshot.
 sql snap
0
 

Author Comment

by:vanspanck
Comment Utility
i only retrieved the situation by removing my database and restoring the database backup again.
Although my that was running on sql started running, but error that are previously are still appearing when i tries to restore the database backups.It indicates that there is some problem in sql installation as well.
So the real solution should have been to reisntall the windows as well as sql database.
This query can be considered to have been closed. ]
thamx for all your support
I think that as suggested by shasunder running sfc might have been the most likely and appropriate answer.
0
 

Author Closing Comment

by:vanspanck
Comment Utility
I could'nt reach the exact solution but as suggested by shashunder, his answer has been most likely.

thanx
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now