• Status: Solved

Unable to open command prompt in Windows 2003 Server

I'm unable to open the command prompt in Windows 2003 Server. The command window just disappears in a second. I am using Kaspersky antivirus for file servers.

Asked by: vanspanck

Shanmuga Sundaram Commented:
Did you try using the /k option? For example, cmd /k

johnb6767 Commented:
Does the Task Manager stay up? Regedit as well? If it were a threat, these two would probably also be blocked from staying up.....

vanspanck (Author) Commented:
cmd /k didn't work.
Both Task Manager and regedit are running in the Start --> Run window.

Thomas Zucker-Scharff (Systems Analyst) Commented:
Are you just typing cmd or cmd.exe?

vanspanck (Author) Commented:
Neither cmd /k nor cmd.exe /k is working.

Shanmuga Sundaram Commented:
Did you check whether cmd.exe exists? Or else right-click on the My Computer icon, select Properties, click on the Advanced tab, click on Environment Variables and find whether you can see the ComSpec in it as shown in the image, and let me know.
[Image: CMD]

vanspanck (Author) Commented:
Yes shasunder, it has this entry at the location mentioned above.

Thomas Zucker-Scharff (Systems Analyst) Commented:
Have you tried copying a clean version of cmd.exe over the current one? (from either the installation disks or the i386 directory)

Shanmuga Sundaram Commented:
Please check whether cmd.exe exists in the displayed path. If you are able to find the file in the path, then try replacing it as tzucker said.
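
The checks suggested in the comments above (the ComSpec value, whether cmd.exe is present, and comparison with a clean copy), as an added example that is not part of the original thread. It assumes PowerShell 2.0 is installed on the server and that `$KnownGood` (a hypothetical path) points to an uncompressed cmd.exe taken from trusted media at the same service pack level.

```powershell
# Added example: integrity triage for cmd.exe on a Windows Server 2003 host.
# Assumption: $KnownGood is a hypothetical path to a trusted, uncompressed copy.
param(
    [string]$KnownGood = 'D:\clean\cmd.exe'
)

function Get-Sha1Hex([string]$Path) {
    # Get-FileHash is not available in PowerShell 2.0, so hash through .NET.
    $sha = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { return ([System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '') }
    finally { $fs.Close() }
}

$expected = Join-Path $env:SystemRoot 'system32\cmd.exe'

# 1. ComSpec should resolve to %SystemRoot%\system32\cmd.exe.
if ($env:ComSpec -ne $expected) {
    Write-Output "ComSpec is '$($env:ComSpec)', expected '$expected'"
} else {
    Write-Output "ComSpec OK: $expected"
}

# 2. Compare the live copy and the dllcache copy with the known-good file.
$reference = Get-Sha1Hex $KnownGood
$copies = @(
    $expected,
    (Join-Path $env:SystemRoot 'system32\dllcache\cmd.exe')
)

foreach ($copy in $copies) {
    if (-not (Test-Path -LiteralPath $copy)) {
        Write-Output "MISSING   $copy"
        continue
    }
    # -Force is needed because dllcache is a hidden system folder.
    $item  = Get-Item -LiteralPath $copy -Force
    $hash  = Get-Sha1Hex $copy
    $state = if ($hash -eq $reference) { 'MATCH' } else { 'MISMATCH' }
    Write-Output ("{0,-9} {1}  size={2}  version={3}  modified={4}" -f `
        $state, $copy, $item.Length, $item.VersionInfo.FileVersion, $item.LastWriteTime)
}
```

A MISMATCH on either copy, or a ComSpec value pointing somewhere else, is a reason to treat the server as potentially compromised rather than simply overwriting the file.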

Thomas Zucker-Scharff (Systems Analyst) Commented:
If replacing this file works, then you may have some serious problems to deal with next.  Either a user with heightened privileges is messing with you, or (more likely) your server has been compromised.  The former case is easy - find out who it is and lock them out; the latter is more problematic.

If you've been compromised, your best solution is to rebuild your server.  If you don't want to do that, at the very least you will need to open a new question here about troubleshooting a compromised 2003 server.  You'll need to start by finding out whether you have a rootkit or not.  See my article on rootkits (http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2245-Anti-rootkit-software.html) for further explanation.  You will probably also need to run several anti-malware apps on it: see younghv's articles:

http://www.experts-exchange.com/Digital_Living/Software/A_1958-MALWARE-An-Ounce-of-Prevention.html
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_5124-Stop-the-Bleeding-First-Aid-for-Malware.html
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_1940-BASIC-MALWARE-TROUBLESHOOTING.html

vanspanck (Author) Commented:
1) cmd.exe exists in the displayed path.
2) I tried copying cmd.exe from another system but it didn't work.
3) On deleting it from the system32 folder, it restores itself from the \windows\system32\dllcache folder.
4) I am not able to reach the dllcache folder to delete it from there.
5) The following entries are shown in startup on doing msconfig (snapshot attached).
6) Two cmd.exe processes are also found running when the system boots up (in the Task Manager window).
7) How can the clean version of cmd.exe be replaced in both the \system32 folder as well as the \dllcache folder?


"Bye for now see you tomorrow in the evening"
msconfig-startup.JPG

Thomas Zucker-Scharff (Systems Analyst) Commented:
I just looked at my 2003 server and there is no cmd.exe file in the dllcache folder.  Did you try running one of the free rootkit detectors in my article to see if you have a rootkit?  You might try doing everything using a remote PC and the luser app.  DO NOT RDP in or you'll have the same problems.  Is this server set up with a RAID configuration? Is it RAID 5?

Also there should only be 1 cmd.exe process running

Thomas Zucker-Scharff (Systems Analyst) Commented:
This is my list of startup items:

Caption                      Command                                                               User                
ctfmon.exe                   C:\WINDOWS\system32\ctfmon.exe                                        NT AUTHORITY\SYSTEM  
desktop                      desktop.ini                                                           CA\Administrator    
ctfmon.exe                   C:\WINDOWS\system32\ctfmon.exe                                        CA\Administrator    
ctfmon.exe                   C:\WINDOWS\system32\ctfmon.exe                                        .DEFAULT            
desktop                      desktop.ini                                                           All Users            
bacstray                     C:\Program Files\Broadcom\BACS\BacsTray.exe                           All Users            
Popup                        "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"  All Users            
ccApp                        "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"             All Users            
vptray                       C:\PROGRA~1\SYMANT~1\VPTray.exe                                       All Users            
WD Button Manager            WDBtnMgr.exe                                                          All Users            
Adobe Reader Speed Launcher  "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"             All Users            
Adobe ARM                    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"            All Users            
DWQueuedReporting            "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t                    All Users    

johnb6767 Commented:
Why can't you reach the dllcache folder?

Shanmuga Sundaram Commented:
Better try using SFC. This should help you.

vanspanck (Author) Commented:
Dear friends,
I tried using the "Malwarebytes" anti-malware demo version. It detected some malware, which I removed from the system.
At the same time I also copied a backup of the dllcache folder to the dllcache folder. (Didn't check immediately after running the anti-malware.)
After all this the command prompt was opening (cmd.exe).
At the same time I also tried using sfc; it then asked for the Windows 2003 media. When I inserted the media it gave an error message that unknown media was found. I then tried using several other media and drives, but it continued giving the same message.
After all this, when I tried restoring the SQL database I received some strange errors, which are as shown in the snapshot.
[Image: sql snap]

vanspanck (Author) Commented:
I only retrieved the situation by removing my database and restoring the database backup again.
Although my that was running on SQL started running, the errors that appeared previously are still appearing when I try to restore the database backups. It indicates that there is some problem in the SQL installation as well.
So the real solution should have been to reinstall Windows as well as the SQL database.
This query can be considered to have been closed.
Thanks for all your support.
I think that, as suggested by shasunder, running sfc might have been the most likely and appropriate answer.

vanspanck (Author) Commented:
I couldn't reach the exact solution, but as suggested by shashunder, his answer has been most likely.

Thanks