my XP Pro will not accept command, >start>run>cmd

Discussion in 'Malware Help (A Specialist Will Reply)' started by ktyeo, Jun 22, 2005.

  1. ktyeo

    ktyeo Private E-2

    My winxppro will not accept command..
    1. start>run>cmd
    2. start>run>regedit

    error shown on screen is:

    title= 16bit MS-DOS subsystem
    error codes =
    c:\windows\system32\cmd.com
    c:\windows\system32\autoexec.bat.nt. The system file is not suitable for running ms-dos and microsoft windows applications. choose 'close' to erminate the application.

    choice = close / ignore

    pls assist is u hv solution..

    TIA
    /kt
     
    ktyeo, Jun 22, 2005
    #1
  2. ktyeo

    ktyeo Private E-2

    also if I do >start>run>regedit
    I get this error:
    A dos prompt windows open then another error windows opens with this text..
    16 bit ms-dos subsystem

    error windows shows:
    c:\windows\system32\regedit.com
    th NTVDM CPU has encountered an illegal instrauctions.
    CS:0e4d IP:0104 OP:ff fd 1f 58 5d choose 'close' to terminate the application.

    then there is 2 radio button = close and ignore

    however, if i type regedit.exe instead of just regedit, the registry editor opens..

    hmm. what actually has happened?...
     
    ktyeo, Jun 22, 2005
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is probably not a malware problem and you may be better off discussing this in the Software Forum. However to be sure it is not malware, follow the steps below.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    chaslang, Jun 22, 2005
    #3
  4. ktyeo

    ktyeo Private E-2

    Hi chaslang
    thks for ur reply

    I managed to find out that it was a virus, variant of Win32.Alcan.A. I cannot find the removal tool nor write up but there is a winupdates folder which is active in c:\program files\winupdates

    I managed to remove it in safe mode. Also some command copied into *.exe to *.com, eg cmd.exe has a copy in c:\windows\system32\cmd.com

    Here is my log. hopefully it is a clean log, need ur advise if I am saved!
    TIA

    If I succeeded with a clean log, if others reading this need my help, do let me know. wud be glad to assist.
    /kt
     

    Attached Files:

    ktyeo, Jun 23, 2005
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you know what the below 4 lines are for? What is iKey?
    C:\WINDOWS\iKeyInit.exe
    C:\WINDOWS\iKeyDtch.exe
    O4 - HKLM\..\Run: [iKey Initialization] C:\WINDOWS\iKeyInit.exe
    O4 - HKLM\..\Run: [iKey Detacher] C:\WINDOWS\iKeyDtch.exe

    Is this proxy server a valid setting for you?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=localhost:5003;

    The below should be fixed with HJT.
    O15 - Trusted Zone: *.netmyne.com
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
     
    chaslang, Jun 23, 2005
    #5
  6. Hardmarkerin

    Hardmarkerin Private First Class

    I dont think its a spyware problem

    This issue may occur if one or more of the following files are missing or damaged:

    • Config.nt
    • Autoexec.nt
    • Command.com

    RESOLUTION
    To resolve this issue:


    In SAFE MODE

    1. Insert the Win XP CD into the CD drive or DVD drive.
    2. Click Start, and then click Run.
    3. In the Open box, type cmd, and then click OK.
    4. At the command prompt, type the following commands, pressing ENTER after each command:


    expand X:\i386\config.nt_ c:\windows\system32\config.nt
    expand X:\i386\autoexec.nt_ c:\windows\system32\autoexec.nt
    expand X:\i386\command.co_ c:\windows\system32\command.com

    exit

    Take the CD out
    Restart the Comp

    Then Try and see if you can Work
     
    Hardmarkerin, Jun 23, 2005
    #6
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The best an easiest way to fix the "16-bit MS-DOS Subsystem error " is to run the utility for it.

    Download XP Fix
     
    bjgarrick, Jun 23, 2005
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    BJ & Hardmarkerin,

    According to the users last message I believe that problem is already fixed. Read the users last message.
     
    chaslang, Jun 23, 2005
    #8
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I was just making it clear that the utility is easier than doing all of those steps. ;)
     
    bjgarrick, Jun 23, 2005
    #9
  10. ktyeo

    ktyeo Private E-2

    tqvm for the help of all of u.

    all the above are fine,..... all being used by my software, except this :"http://ny.contentmatch.net"]http://ny.contentmatch.net". I really don't know what is it for.

    should I delete it?
    tq
     
    ktyeo, Jun 24, 2005
    #10
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes that's what I said in the previous message. "Fix with HJT"
     
    chaslang, Jun 24, 2005
    #11

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds