Strange problem with XP Pro

[Asterix]

Guys here is the thing im facing


Cmd.exe is intiating itself or something else executing it as a system process it is not just one or two but more and more instances start till the entire ram is taken then on askin for new process then XP will say not enough resources...

Here is what i did till now

Ran a complete Virus Check - Nothing turned up
Checked the startup both in the folder and registry nothin suspicous only the standard apps

So if u guys have ne idea whats goin on or point me to a place where i can ask for help or look for help....

That would be a lot of help

Asterix

[DreamCaster]

Hey Asterix
Came across this when I googled your issue. Check it out here
Hope this helps

~Peace
DC

[Asterix]

Really thx for lookin arnd DC but here is the thing that guy says at the end

Quote:

Final update - eventually nothing at all worked. I did a total reinstall of Win XP and it seemed to have sorted it, and it worked for about a week, but god knows what happened then as it suddenly decided to spit untold numbers of error messages at me, saying that 'net.exe' and cmd.exe could not be accessed. I restarted the machine but that was the last I saw of it - no matter what I did it simply refused to boot up at all, to safe mode or normally, no matter what I tried.

And I'm sad to report that I bowed to the beastly virus, if that's what it was, and bought a new PC.

Thanks for your help, those who replied - all I can to anyone else who comes up against this net.exe. and cmd.exe nightmare is, well, you're screwed, basically. I hope you have better luck than I.

Cheers,
Chris.

Hope it wont come to that end to me

[~*LdY*LaFFs*~]

my 2 cts..

utilize web virus scanners : Norton's, McAfee, AVG, Housecall...etc
Often where one scanner doesn't pick up a definition, another might...

After ridding of any viruses detected.. I'd still recommend a reformat or system restore point. Keep in mind tht any data you saved (a hidden .exe, operation..) could possibly re-infect your system, so keep a good AV and Trojan scanner running. Personally, i keep monitors running so tht i am alerted whenever there's system changes. I'm also in the habit of not leaving my pc unattended online. I just find prevention is easier thn getting out from under an attack...BTDT.

Good Luck!

[dalert0140]

have you tried windows updates?
it might be an issue already fixed in a service pack or something

just a though

[Asterix]

Im on Sp1....

But really... coz existence of cmd is sort of rouge process i dont what is causing it

[iAvalance]

A pity you can't track which process is spawning/forking the shells.

If it would be a virus, you probably would see a message telling you what the programmer of it would tell the world.

Maybe I didn't read well, but since you haven't seen such message, I think it's a 'feature' of windows.
The problem of a reinstall of windows over a previous install is that all you errors are migrated as well. Think about the mighty register, it's simply merged with a 'default' registry, so if the problem resides in there you simply copy it over.

Like ldylaffs says, a format/install (a.k.a. clean reinstall) is the best solution...

[Asterix]

yeah that is also what i plannin on doin Complete clean reinstall....

But clean reinstalls is such a pain all the softwares have to reinstalled

[rastagard]

Make a copy of your Documents and Settings folder before you reformat. That is where most of your programs keep your individualized settings.After you install a new program, go to your copied D & S folder>Computername( I have several User Names as well, some programs keep the settings in, but most use this folder)>Application data(must enable viewing of hidden folders to see this) > most if not all of your programs should have folders in here with your settings. Just copy them and paste them into the same directory and say yes when Windows asks if you want to replace the current folder with the copied one. This will reinstate the program to the way you had it set up before the reformat.


I doubt that the problem you are having is related to the program settings, so you should be safe doing this. But if it is, this will definately allow you to isolate it to the offending setting.

[iAvalance]

Personally I would not copy the NTUSER.DAT file, since it's your personal part of the registry, and probably contains all kinds of mess. If you start from scratch you better keep your registry clean as well!

[~*LdY*LaFFs*~]

Regular Registry Maintenance = Very Good
Keeps your sys clean and reveals if a prg has auto-loaded some'um you would've rejected. In today's digital signatures...software is being packed with this new development (aside from your basic spyware and crap).

[Asterix]

Still no reinstall...

But it seems im infected by some sort of trojan coz couple of my settings were screwed.... and luckily no major damage yet....now i have installed Zone Alarm firewall... and after that i havent cmd spawning...

Hope it stays like that....

[~*LdY*LaFFs*~]

ZA is blocking the culprit (good good), now identify it and take it out of your sys registry..

[Asterix]

The thing I am on a campus LAN and we are very heavily firewalled frm Internet and we never had worms or trojans in our nascent LAN...

Now whatever it is it seems to be activated remotely coz once I installed ZA i have yet to see a rouge cmd process or a program access warning

So im still waiting to find out what it is???

[~*LdY*LaFFs*~]

You could watch your ports, but then you'd have to let 'em in to identify WHO's actually remote accessing you..

Glad ya got it blocked. Er, fyi..ZA is not unpenetrable, but then again neither were your school's FW's.