Solved

Unable to open command prompt in Windows 2003 Server

Posted on 2011-09-12
Last Modified: 2013-11-22
I'm unable to open the command prompt in Windows 2003 Server. The command window just disappears in a second. I am using Kaspersky antivirus for file servers.
Question by:vanspanck
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 36522818
Did you try using the /k option? For example, cmd /k
 
LVL 66

Expert Comment

by:johnb6767
ID: 36523010
Does the Task Manager stay up? Regedit as well? If it were a threat, these two would probably also be blocked from staying up.....
 

Author Comment

by:vanspanck
ID: 36523102
cmd /k didn't work.
Both Task Manager and Regedit are running in the Start --> Run window.
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 36523119
Are you just typing cmd or cmd.exe?
 

Author Comment

by:vanspanck
ID: 36523269
Neither cmd /k nor cmd.exe /k is working.
 
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 36524052
Did you check whether cmd.exe exists? Or else right-click on the My Computer icon, select Properties, click on the Advanced tab, click on Environment Variables and find whether you can see the ComSpec in it as shown in the image, and let me know.
 CMD
 

Author Comment

by:vanspanck
ID: 36524099
Yes shasunder, it has this entry at the location as mentioned above.
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 36524104
Have you tried copying a clean version of cmd.exe over the current one? (from either installation disks or i386 directory)
 
LVL 17

Expert Comment

by:Shanmuga Sundaram
ID: 36524177
Please check whether cmd.exe exists in the displayed path. If you are able to find the file in the path, then try replacing it as tzucker said.
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 36524286
If replacing this file works, then you may have some serious problems to deal with next. Either a user with heightened privileges is messing with you, or (more likely) your server has been compromised. The former case is easy - find out who it is and lock them out; the latter is more problematic.

If you've been compromised, your best solution is to rebuild your server. If you don't want to do that, at the very least you will need to open a new question here about troubleshooting a compromised 2003 server. You'll need to start by finding out whether you have a rootkit or not. See my article on rootkits (http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_2245-Anti-rootkit-software.html) for further explanation. You will probably also need to run several anti-malware apps on it: see younghv's articles:

http://www.experts-exchange.com/Digital_Living/Software/A_1958-MALWARE-An-Ounce-of-Prevention.html
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_5124-Stop-the-Bleeding-First-Aid-for-Malware.html
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_1940-BASIC-MALWARE-TROUBLESHOOTING.html
 

Author Comment

by:vanspanck
ID: 36524593
1) cmd.exe exists in the displayed path.
2) I tried copying cmd.exe from another system but it didn't work.
3) On deleting it from the system32 folder it restores itself from the \windows\system32\dllcache folder.
4) I am not able to reach the dllcache folder for deleting it from there.
5) The following entries are shown in startup on doing msconfig (snapshot attached).
6) Two cmd.exe processes are also found running when the system boots up (in the Task Manager window).
7) How can the clean version of cmd.exe be replaced at both the \system32 folder as well as the \dllcache folder?


"Bye for now see you tomorrow in the evening"
msconfig-startup.JPG
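
Added example, not part of the original thread: a PowerShell 2.0 script that performs the checks discussed up to this point, comparing the cmd.exe copies in system32 and dllcache against a known-good reference by SHA-1 and confirming that ComSpec points at the system32 copy. The reference path is a hypothetical placeholder, and the script assumes the reference file comes from clean media of the same service pack level.

```powershell
# Added example, not from the thread. Uses .NET hashing so it runs on PowerShell 2.0.
# Assumption: $ReferencePath is a known-good cmd.exe of the same Windows 2003
# service pack level, expanded from install media (i386) on a clean machine.
param([string]$ReferencePath = 'E:\reference\cmd.exe')  # hypothetical path

function Get-Sha1Hex([string]$Path) {
    $sha = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '')
}

$sys32    = Join-Path $env:SystemRoot 'system32'
$expected = Join-Path $sys32 'cmd.exe'
$refHash  = Get-Sha1Hex $ReferencePath

# 1. Both on-disk copies: the live binary and the dllcache copy it is restored from.
foreach ($file in @($expected, (Join-Path $sys32 'dllcache\cmd.exe'))) {
    if (-not [System.IO.File]::Exists($file)) {
        Write-Output ("MISSING   {0}" -f $file)
        continue
    }
    $hash = Get-Sha1Hex $file
    $ver  = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($file).FileVersion
    if ($hash -eq $refHash) { $state = 'MATCH' } else { $state = 'MISMATCH' }
    Write-Output ("{0,-9} {1}  sha1={2}  version={3}" -f $state, $file, $hash, $ver)
}

# 2. ComSpec should resolve to the system32 copy (comparison is case-insensitive).
if ($env:ComSpec -ne $expected) {
    Write-Output ("COMSPEC   points to '{0}', expected '{1}'" -f $env:ComSpec, $expected)
} else {
    Write-Output ("COMSPEC   ok ({0})" -f $env:ComSpec)
}
```

A MISMATCH only means the file differs from the reference; a different service pack or hotfix level produces one too, so compare the reported version before drawing conclusions.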
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 36524753
I just looked at my 2003 server and there is no cmd.exe file in the dllcache folder. Did you try running one of the free rootkit detectors in my article to see if you have a rootkit? You might try doing everything using a remote PC and the luser app. DO NOT RDP in or you'll have the same problems. Is this server set up with a RAID configuration? Is it RAID 5?

Also there should only be 1 cmd.exe process running
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 36524771
This is my list of startup items:

Caption                      Command                                                               User                
ctfmon.exe                   C:\WINDOWS\system32\ctfmon.exe                                        NT AUTHORITY\SYSTEM  
desktop                      desktop.ini                                                           CA\Administrator    
ctfmon.exe                   C:\WINDOWS\system32\ctfmon.exe                                        CA\Administrator    
ctfmon.exe                   C:\WINDOWS\system32\ctfmon.exe                                        .DEFAULT            
desktop                      desktop.ini                                                           All Users            
bacstray                     C:\Program Files\Broadcom\BACS\BacsTray.exe                           All Users            
Popup                        "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe"  All Users            
ccApp                        "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"             All Users            
vptray                       C:\PROGRA~1\SYMANT~1\VPTray.exe                                       All Users            
WD Button Manager            WDBtnMgr.exe                                                          All Users            
Adobe Reader Speed Launcher  "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"             All Users            
Adobe ARM                    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"            All Users            
DWQueuedReporting            "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t                    All Users    
 
LVL 66

Expert Comment

by:johnb6767
ID: 36527339
Why can't you reach the dllcache folder?
 
LVL 17

Accepted Solution

by:
Shanmuga Sundaram earned 50 total points
ID: 36527498
Better try using SFC. This should help you.
 

Author Comment

by:vanspanck
ID: 36561540
Dear friends,
I tried using the "Malwarebytes" anti-malware demo version; it detected some malware, which I removed from the system.
At the same time I also copied a backup of the dllcache folder to the dllcache folder (didn't check immediately after running the anti-malware).
After all this the command prompt was opening (cmd.exe).
At the same time I also tried using sfc; it then asked for Windows 2003 media. When I inserted the media it gave an error message that unknown media was found. I then tried using several other media and drives but it continued giving the same message.
After all this, when I tried restoring the SQL database I received some strange errors, which are as shown in the snapshot.
 sql snap
 

Author Comment

by:vanspanck
ID: 36561591
I only retrieved the situation by removing my database and restoring the database backup again.
Although my that was running on SQL started running, the errors that appeared previously are still appearing when I try to restore the database backups. It indicates that there is some problem in the SQL installation as well.
So the real solution should have been to reinstall Windows as well as the SQL database.
This query can be considered to have been closed.
Thanks for all your support.
I think that, as suggested by shasunder, running sfc might have been the most likely and appropriate answer.
 

Author Closing Comment

by:vanspanck
ID: 36561611
I couldn't reach the exact solution, but as suggested by shashunder, his answer has been most likely.

Thanks