Question
-
CreatorTopic
-
May 8, 2008 at 5:39 am #2146465
system32\cmd.exe POP-UP’s
Lockedby stetienne1 · about 14 years ago
Hi this is my first post, I apologize for any protocol errors. I’m trying to fix a friends computer but at startup I get 6 blank popup windows with “windows\system32\cmd.exe” headings. These then disappear one by one after about 10 seconds. Does anyone know what this is, if it is harmful, and how I can fix it? Many thanks, Nick.
Topic is locked -
CreatorTopic
All Answers
-
AuthorReplies
-
-
May 8, 2008 at 5:39 am #2460772
Clarifications
by stetienne1 · about 14 years ago
In reply to system32\cmd.exe POP-UP’s
Clarifications
-
May 8, 2008 at 6:40 am #2460734
Try this…WARNING could make your computer unstable if done wrong.
by Anonymous · about 14 years ago
In reply to system32\cmd.exe POP-UP’s
HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe – double click the DL file and click UNZIP letting it extract to its default folder C:\Program FIles\HiJackThis, run it from there
Fix these with HJT ? mark them, close IE, click fix checked
O4 – HKLM\..\Run: [WINDOWS SYSTEM MANAGER] \spoolsvc.exe
O4 – HKLM\..\RunServices: [WINDOWS SYSTEM MANAGER] \spoolsvc.exe
O23 – Service: Local Security Authority Subsystem Service (lsass) – Unknown owner – C:\WINDOWS\lsass.exe
=============Click Start > Run > and type in:
services.msc
Click OK.
In the services window find this EXACT name
Local Security Authority Subsystem Service
Rightclick and choose “Properties”. On the “General” tab under “Service Status” click the “Stop” button to stop the service. Beside “Startup Type” in the dropdown menu select “Disabled”. Click Apply then OK. File-Exit the Services utility.
+++++++++++++++++++++++
DL http://www.downloads.subratam.org/KillBox.zipRestart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:
Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the “Full Path of File to Delete” box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the “Paste Full Path of File to Delete” box.
C:\WINDOWS\lsass.exe
Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don’t miss any.
Exit the Killbox.
START ? RUN ? type in %temp% OK – Edit ? Select all ? File ? Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle binPlease post back if you have any more problems or questions.
-
May 11, 2008 at 2:08 pm #2461934
Sorry that doesn’t work
by stetienne1 · about 14 years ago
In reply to Try this…WARNING could make your computer unstable if done wrong.
Nope, thanks for your advice but I had none of those files on the computer. I did as you suggested, step by step, but I’m still getting 6 blank ‘windows\system32\cmd.exe’ pop-up screens on startup, which then disappear one by one. Any further suggestions will be gratefully explored.
Many thanks
Nick-
May 11, 2008 at 2:26 pm #2461925
Did you delete your “Temp files”?
by Anonymous · about 14 years ago
In reply to Sorry that doesn’t work
This could be important because this little program could run from there.
Please post back if you have any more problems or questions.
-
May 11, 2008 at 2:28 pm #2461924
Another way is to get a pop up blocker..
by Anonymous · about 14 years ago
In reply to Did you delete your “Temp files”?
http://www.download.com/Popup-Blocker-Software/3150-7786_4-0.html
Please post back if you have any more problems or questions.
-
May 15, 2008 at 11:42 am #2563567
Sorry, still not solving it
by stetienne1 · about 14 years ago
In reply to Another way is to get a pop up blocker..
Hi, put a pop-up blocker on but still getting the messages (cascaded small command line windows which then disappear) when the main Windows screen is loading.
🙂 -
May 15, 2008 at 11:43 am #2563565
yes
by stetienne1 · about 14 years ago
In reply to Did you delete your “Temp files”?
yes i deleted temp files
-
May 16, 2008 at 11:18 am #2563453
Ok ..Try this…
by Anonymous · about 14 years ago
In reply to Sorry that doesn’t work
http://www.spotmau.com/
Download this a run it.. 🙂Please post back if you have any more problems or questions.
-
May 17, 2008 at 8:44 am #2563166
-
-
-
May 15, 2008 at 11:52 am #2563560
try
by pc-guru · about 14 years ago
In reply to system32\cmd.exe POP-UP’s
go to the run box and type msconfig
hit enter and uncheck any start up items or services that are unneeded and reboot and see if they go away-
May 15, 2008 at 4:05 pm #2564484
thanks, have tried that
by stetienne1 · about 14 years ago
In reply to try
hi, that was the first thing i did but i wil go back and check again and let you know. cheers.
-
May 15, 2008 at 4:30 pm #2564481
then mabee
by pc-guru · about 14 years ago
In reply to thanks, have tried that
get somthing like spybot search and detroy and run a scan….also awesome tool hijackthis you can download it from hijackthis.de it tells you everything install on you system
-
May 15, 2008 at 10:30 pm #2564406
yup
by stetienne1 · about 14 years ago
In reply to then mabee
tried that too, thanks. have done all the obvious stuff, nothing is working! c’est la vie…
-
-
-
May 16, 2008 at 1:42 am #2564382
A couple of [i]other[/i] things to try …
by older mycroft · about 14 years ago
In reply to system32\cmd.exe POP-UP’s
First, what is appearing in your Event Viewer after Windows had finished loading? ‘System’ or ‘Application’ might have entries for the timeouts of the pop-ups.
Also, try running ‘Autoruns’
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspxIt may give a better view of the errant routines. If you find ’em, untick ’em. 🙂
-
May 16, 2008 at 3:37 am #2564362
Couple of T’s & Q’s
by rob miners · about 14 years ago
In reply to system32\cmd.exe POP-UP’s
Check your Startup Folder to see if there is anything in there, you should be looking for .BAT .CMD or it could be a disguised .EXE.
Check these settings in the Registry as well. A call like this from the Registry could invoke a CMD.exe The value parameter in a RunOnce entry is a quoted string that has the following form: “Rundll32[.exe] DllName,EntryPoint[Arguments]”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
Check what Processes are running. Quick check in Taskmanager for any instances of CMD.exe
Do a search for .bat and .CMD files on the PC you can check them and you may be able to associate them with something.
Add these lines to Boot.ini and check the Logs.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /fastdetect /NoExecute=OptIn /SOS /bootlog
This will create a file in c:\windows named Ntbtlog.txt
Read the file and look at what has been loaded.
Also download and install CCleaner to tidy up your Registry. Let it run through until there are no errors left.
http://www.ccleaner.com/download
http://msdn.microsoft.com/en-us/library/aa906371.aspx
http://msdn.microsoft.com/en-us/library/aa906348.aspx
How long has this been happening. What have you installed recently. If it is only recent try a System Restore.
-
May 17, 2008 at 9:23 am #2563159
“windows\system32\cmd.exe”.. A solution maybe..
by Anonymous · about 14 years ago
In reply to system32\cmd.exe POP-UP’s
This usually opens when a batch file is created. have you created one recently, or have you downloaded something with it in it?
What is a batch file exactly?
It is a file containing a series of DOS commands i.e. a very basic scripting language.
This might be a solution to your problem:Download & run the Fixswen.inf file. Save the fixswen.inf file to your local hard disk, right-click on the file and choose install.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662Please post back if you have any more problems or questions.
-
-
AuthorReplies