Question

  • Creator
    Topic
  • #2146465

    system32\cmd.exe POP-UP’s

    Locked

    by stetienne1 ·

    Hi this is my first post, I apologize for any protocol errors. I’m trying to fix a friends computer but at startup I get 6 blank popup windows with “windows\system32\cmd.exe” headings. These then disappear one by one after about 10 seconds. Does anyone know what this is, if it is harmful, and how I can fix it? Many thanks, Nick.

All Answers

  • Author
    Replies
    • #2460772

      Clarifications

      by stetienne1 ·

      In reply to system32\cmd.exe POP-UP’s

      Clarifications

    • #2460734

      Try this…WARNING could make your computer unstable if done wrong.

      by Anonymous ·

      In reply to system32\cmd.exe POP-UP’s

      HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe – double click the DL file and click UNZIP letting it extract to its default folder C:\Program FIles\HiJackThis, run it from there

      Fix these with HJT ? mark them, close IE, click fix checked

      O4 – HKLM\..\Run: [WINDOWS SYSTEM MANAGER] \spoolsvc.exe

      O4 – HKLM\..\RunServices: [WINDOWS SYSTEM MANAGER] \spoolsvc.exe

      O23 – Service: Local Security Authority Subsystem Service (lsass) – Unknown owner – C:\WINDOWS\lsass.exe
      =============

      Click Start > Run > and type in:

      services.msc

      Click OK.

      In the services window find this EXACT name

      Local Security Authority Subsystem Service

      Rightclick and choose “Properties”. On the “General” tab under “Service Status” click the “Stop” button to stop the service. Beside “Startup Type” in the dropdown menu select “Disabled”. Click Apply then OK. File-Exit the Services utility.

      +++++++++++++++++++++++
      DL http://www.downloads.subratam.org/KillBox.zip

      Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

      Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the “Full Path of File to Delete” box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the “Paste Full Path of File to Delete” box.

      C:\WINDOWS\lsass.exe

      Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don’t miss any.

      Exit the Killbox.

      START ? RUN ? type in %temp% OK – Edit ? Select all ? File ? Delete
      Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
      Empty the recycle bin

      Please post back if you have any more problems or questions.

    • #2563560

      try

      by pc-guru ·

      In reply to system32\cmd.exe POP-UP’s

      go to the run box and type msconfig
      hit enter and uncheck any start up items or services that are unneeded and reboot and see if they go away

      • #2564484

        thanks, have tried that

        by stetienne1 ·

        In reply to try

        hi, that was the first thing i did but i wil go back and check again and let you know. cheers.

        • #2564481

          then mabee

          by pc-guru ·

          In reply to thanks, have tried that

          get somthing like spybot search and detroy and run a scan….also awesome tool hijackthis you can download it from hijackthis.de it tells you everything install on you system

        • #2564406

          yup

          by stetienne1 ·

          In reply to then mabee

          tried that too, thanks. have done all the obvious stuff, nothing is working! c’est la vie…

    • #2564382

      A couple of [i]other[/i] things to try …

      by older mycroft ·

      In reply to system32\cmd.exe POP-UP’s

      First, what is appearing in your Event Viewer after Windows had finished loading? ‘System’ or ‘Application’ might have entries for the timeouts of the pop-ups.

      Also, try running ‘Autoruns’
      http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

      It may give a better view of the errant routines. If you find ’em, untick ’em. 🙂

    • #2564362

      Couple of T’s & Q’s

      by rob miners ·

      In reply to system32\cmd.exe POP-UP’s

      Check your Startup Folder to see if there is anything in there, you should be looking for .BAT .CMD or it could be a disguised .EXE.

      Check these settings in the Registry as well. A call like this from the Registry could invoke a CMD.exe The value parameter in a RunOnce entry is a quoted string that has the following form: “Rundll32[.exe] DllName,EntryPoint[Arguments]”

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

      Check what Processes are running. Quick check in Taskmanager for any instances of CMD.exe

      Do a search for .bat and .CMD files on the PC you can check them and you may be able to associate them with something.

      Add these lines to Boot.ini and check the Logs.

      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /fastdetect /NoExecute=OptIn /SOS /bootlog

      This will create a file in c:\windows named Ntbtlog.txt

      Read the file and look at what has been loaded.

      Also download and install CCleaner to tidy up your Registry. Let it run through until there are no errors left.

      http://www.ccleaner.com/download

      http://msdn.microsoft.com/en-us/library/aa906371.aspx

      http://msdn.microsoft.com/en-us/library/aa906348.aspx

      How long has this been happening. What have you installed recently. If it is only recent try a System Restore.

    • #2563159

      “windows\system32\cmd.exe”.. A solution maybe..

      by Anonymous ·

      In reply to system32\cmd.exe POP-UP’s

      This usually opens when a batch file is created. have you created one recently, or have you downloaded something with it in it?
      What is a batch file exactly?
      It is a file containing a series of DOS commands i.e. a very basic scripting language.
      This might be a solution to your problem:

      Download & run the Fixswen.inf file. Save the fixswen.inf file to your local hard disk, right-click on the file and choose install.
      http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662

      Please post back if you have any more problems or questions.

Viewing 5 reply threads