Jump to content

Home

cmd and regedit wont work!

JesusIsGonnaOwnSatan

Recommended Posts

JesusIsGonnaOwnSatan Newbie

JesusIsGonnaOwnSatan

Posted
Posted

Halp! whenever i try to open cmd, i get a message saying that 'it cant be found'! the same thing happens with regedit! i havnt been messing around the windows folder, and i havnt used these tools in a while.

 

here are some screenhots of the problem: (dont worry, theyre all tiny)

cmd:

7145852149a9382491879l.jpg

 

*click*

7145852149a9382491923l.jpg

 

 

regedit:

7145852149a9382492227l.jpg

 

*click*

7145852149a9382491982l.jpg

 

so i go into the windows folder to find it...

7145852149a9382492027l.jpg

 

*double click*

7145852149a9382492027l.jpg

 

the same with cmd:

.../system32

7145852149a9382492110l.jpg

 

*double click*

7145852149a9382492167l.jpg

 

the computer in question's specs:

xp pro sp2 (2002)

p4 2.00GHz

512mb of RAM

peculiars: has no modem or internet connection.

 

i have no idea why this is happening. :giveup:

Link to comment
Share on other sites
JesusIsGonnaOwnSatan Newbie

JesusIsGonnaOwnSatan

Posted
  • Author
Posted
1.) Have you tried restarting your computer?

 

2.) Have you scanned for viruses?

restarting does nothing. and it has no internet, so everything on it is ridiculously outdated. :(

Have you considered posting this in the tech forum?!!

 

Local mods: plz move at your covenience !

 

mtfbwya

 

but i did post in the tech forum.... didnt i? where did you find the thread?
Link to comment
Share on other sites
Astrotoy7 Newbie

Astrotoy7

Posted
Posted

lolz... how bizarre.. the thread seems to be mirroring in both locations...why? I do not know!

 

OK>>

 

The very obvious culprit is the vista theme pack you have installed on it. Is it the 'Vista Transformation Pack' - was it done recently? Trojans hidden into are often responsible for corrupting these files, often replacing them with surrogates cmd.com and regedit.com

 

There are numerous ways to go about it. Rather than throw a bunch of solutions at you >> check this first

Start>run>cmd.exe do the same for regedit with regedit.exe

 

what happens?

 

 

mtfbwya

Link to comment
Share on other sites
Astrotoy7 Newbie

Astrotoy7

Posted
Posted

OK Jesus :D

 

we'll leave rooting out the cause for the moment ;) Just be aware that trojans get bundled in with popular downloads if downloaded from 'dubious places' ;)

 

in any event > try this > find the application files as you listed in your first post. When you right click regedit and cmd > under properties are they listed as .exe application files or .com files ?? They should be .exe files as in this example below

 

regedit.png

 

also, have you run an adware/spyware/virus scan so far ? Even If that particular pc is not directly connected to the net, it is still vulnerable if youve installed program/apps or transferred files onto it from external sources. A friend of mine recently got a virus infected file on a usb stick which he unwittingly spread around :p

 

also, from the run prompt, can you also start the taskmanager?

 

start>run>taskmgr

 

let us know how it goes

 

astro

Link to comment
Share on other sites
JesusIsGonnaOwnSatan Newbie

JesusIsGonnaOwnSatan

Posted
  • Author
Posted
run chkdsk and see if there's any bad sectors on your hd

i ran chkdsk (start>run>chkdsk) and it scanned, found nothing and disappeared.

7145852149a9407263066l.jpg

i tried chkdsk C: /r and this happens:

7145852149a9407263013l.jpg

so i restart, it tries to scan, and says "volume in use by another process", and doesnt scan, and continues with the startup.

chkdsk /f:

7145852149a9407263030l.jpg

this time when it restarts, it does nothing about it. weird.

in any event > try this > find the application files as you listed in your first post. When you right click regedit and cmd > under properties are they listed as .exe application files or .com files ?? They should be .exe files as in this example below

both are apps:

7145852149a9407263039l.jpg

7145852149a9407263054l.jpg

 

also, from the run prompt, can you also start the taskmanager?

yeah it runs.

 

im pretty sure there must be a virus/trojan on my comp, but since i dont have a modem, i ran a scan on an ancient and ridiculously outdated avg, and it yielded no results. :/

Link to comment
Share on other sites
Astrotoy7 Newbie

Astrotoy7

Posted
Posted

hehe - the exe extension is missing on those :)

 

enable filetype extensions to see what extension they have now.

 

In case you dont know how to do this: (IIRC in xp)

Open any folder>Tools>Folder options>view>

uncheck "hide exensions for known filetypes" this makes everything display with its filtype. eg. regedit.exe

 

mtfbwya

Link to comment
Share on other sites
Astrotoy7 Newbie

Astrotoy7

Posted
Posted
xp doesnt display the extension in the properties window if hide extensions for known file types is checked. and if it didnt use the exe extension it probably wouldnt even display the embedded ico in explorer.

 

lolz... Youve never met W32.Alcra.A? anyone who has run p2p like limewire or kazza without protection meets this gem, or one of its relatives :D (also sneaks in with files that have done the rounds on p2p.) I met it many times in the ole days :p

 

@ Jesus >

 

OK. we've establised that they are not .com files... next !

 

1. Run the System File Checker to check and reinstate important system files it identifies as being corrupt. You will most likely need original xp disc if it cant find valid backups of the system files it wants to restore hence

 

To do this start>run and type in

sfc /scannow

 

This command will immediately start the Windows File Protection(WFP) service to scan all protected files, replacing any files with which it finds a problem.

 

read this page for further detail and instructions about SFC

 

2. Try an offline malware/antivirus program(ie. you downloan it elsewhere and bring it over to you offline pc)

A commonly used one is the Sysclean Utility fromn Trend Micro. Make sure you download the version for nijn TrendMicro customers. and read the text fiel listed belowit for instructions.

 

If that doesnt work

 

(backup anything hugely important on this pc if you want to do this)

 

3. Try an xp repair install. If you are not sure what that is here is a newbie user friendly How to I dug up for you ;)

 

** I am curious though Jesus, what is that altered theme - what app is it running from (eg, windows blinds?) and more importantly, where did it come from? Its just that its remarkably likely for that to be the culprit as the file that allowed the bug to hitch a ride onto your offline pc.... :)

 

Good luck :)

 

mtfbwya

Link to comment
Share on other sites
JesusIsGonnaOwnSatan Newbie

JesusIsGonnaOwnSatan

Posted
  • Author
Posted
lolz... Youve never met W32.Alcra.A? anyone who has run p2p like limewire or kazza without protection meets this gem, or one of its relatives (also sneaks in with files that have done the rounds on p2p.) I met it many times in the ole days

hmm could be that. ive used limewire before

 

OK. we've establised that they are not .com files... next !

i should point out: i think that i tried running cmd through start>accessories>command prompt once, and i think it came up as .com... im not sure. but now it doesnt run at all.

 

i ran sfc and its asking me for the os cd...

that computer of mine is an ex office computer, and when i got it i got the computer, a mouse, and a keyboard. no xp cd!

the os is completely legal, its just that i dont have the cd. :/

 

now im 98% sure theres a bug in that comp of mine. i have a usb flash drive that i use to shuttle files from an online comp to my one. i took it with me to a friend's place and when he stuck it in his computer, his norton popped up saying there was a trojan on my flash drive. his norton put it in quarantine. all the threat meters were at maximum, saying it was a very dangerous. :eyepop the trojan was in a file called autorun.pif

whenever i stick the drive into my vista, as always it asks me what to do with the drive. included in the options is run autorun.pif, which of course i never click. i tried scanning it with avg, and it didnt come up with anything. now, i just formatted my stick just to make sure, before using it to transfer the trend micro scanner. and now autorun.pif isnt there anymore. i always keep avg, spybot, and windows updated, but they didnt pick it up.

the question is, is this bug the culprit for messing with cmd and regedit?

 

[edit] ok, now im 100% sure that bug is on the offline comp... i just put the three files for sysclean on the usb stick right after formatting, and stuck it in the offline comp, opened up the drive, and there were the three sysclean files... and a random fourth folder called "recorded TV"

(wth?!!) when i stuck back into the online comp (which is a laptop btw... its easier to say) and lo and behold, autorun.pif is an option again! so i deleted the sysclean on my computer(which i shall call the IBM, because its an IBM and its also less tedious to say) and formatted the usb stick on the laptop again, looked to make sure there was nothing in it, put it back in the IBM, then back to the laptop and autorun.pif is back. it seems to be put on the moment the drive is insertes into the infected computer.

*horror*

 

ok, i ran the scanner it scanned, and it found 3 files with viruses. it was set to automitacally fix problems so the bug is gone? not sure.should i attach the log file?

hmm, im lookin at the logfile and i think i have the winxp dll folder already on my IBM... ill have to check.

but i still need regedit to make it work lol.

 

3. Try an xp repair install. If you are not sure what that is here is a newbie user friendly How to I dug up for you

lol im not a noob, ;) but i suppose i come off as one with all those screenshots and all... actually, i dont usually do that. i just feel sreenie happy right now :lol: hmm, in kotor terms id be like, a lvl 12 computer geek or something. (lvl cap 20)

but its good the tutorial for noobs: i havnt done it before and simpler is always better. ususally id google the problem, get referred to some forum and follow instructions etc. but since LF has its own tech forum, and also sometimes when you google you dont find the exact same problem as yours, i went with LF. (and to test you guys out :lol:)

;)

 

 

** I am curious though Jesus, what is that altered theme - what app is it running from (eg, windows blinds?) and more importantly, where did it come from? Its just that its remarkably likely for that to be the culprit as the file that allowed the bug to hitch a ride onto your offline pc....

its a them from deviantart. i actually found out about it from here.(scroll down to "give xp that vista look")

i used uxpatcher. it says if you want the original file back, just run the patcher again.

Link to comment
Share on other sites
JesusIsGonnaOwnSatan Newbie

JesusIsGonnaOwnSatan

Posted
  • Author
Posted
not having the original OS CD sucks. Its always good to have one around

tell me about it. lol. but i have the i386 folder on the comp, and a friend told me i could stick in on a cd and use that for WFP...

ill have to unpatch the ux dll before though.

No chance of connecting the pcs via LAN and using ICS?

share the connection? whenever i try, it never connects properly. always 'limited or no connectivity'. the last time i tried doing that,(which was last year i think) i was ripping my hair out trying to fix that problem. i still havnt. :ball:

 

so i think ill try putting i386 onto a cd and see what happens.

Link to comment
Share on other sites
JesusIsGonnaOwnSatan Newbie

JesusIsGonnaOwnSatan

Posted
  • Author
Posted

i wasnt able to do anything about the problem thanks to circumstances till today.

i found a guide to create a boot cd from the i386 folder, and oh, what a wonderfully tedious process. :dozey:

and guess what? i found the virus on another xp of mine! yippee! home edition this time. shouldve expected this really.

 

this is gonna take some time

 

ill update on any new developments :thumbsup:

Link to comment
Share on other sites
  • 2 months later...
JesusIsGonnaOwnSatan Newbie

JesusIsGonnaOwnSatan

Posted
  • Author
Posted

ok. so ive been dealing with this problem with a nice dose of procrastination until now...

 

i just found another victim on that idiot trojan's hitlist: msconfig. gah, with all these utilities gone, it doesnt matter if the virus has been thrown out (which i think it has been), i need to repair the files!

to do that i need the xp cd, which i dont have. i386 seems to be the answer, but ive lost the guide that i found to create a setup disc put of it.

astro, when you mentioned sfc, that was to repair the messed up cmd and regedit utilities, right? ive heard i can make sfc use i386 as the source to make repairs... but ive also heard that the way do that is through regedit, which is dead. is there any other way to do this?

 

you also asked me if i could use internet connection sharing... i just got that problem solved and i can use my laptop to connect my ibm to the interwebs. what were you intending with it?

Link to comment
Share on other sites
  • 3 months later...
JesusIsGonnaOwnSatan Newbie

JesusIsGonnaOwnSatan

Posted
  • Author
Posted

alright, some new developments: i found the xp cd for my xp home comp that also had the virus and corrupted utilities. it was buried under piles of stuff in a drawer somewhere. thankfully, it was in my special box where i keep all my driver cds! which means that im home free -- time to reinstall! :emodanc:

 

ive gathered all important files into one backup folder which i shall then put on another hard drive which i shall stick in the comp.

 

but i have a question: can the virus jump to the new hd like it does to usb flash drives? because in that case, i'll have to stick a cd writer drive in and use cds to back the files up...

 

regardless, im going to have to blast the disk(s) with an arsenal of anti-baddie software before i copy the files to the new install

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...