LucasForums

LucasForums (http://www.lucasforums.com/index.php)
-   General Tech Discussion (http://www.lucasforums.com/forumdisplay.php?f=691)
-   -   cmd and regedit wont work! (http://www.lucasforums.com/showthread.php?t=193711)

JesusIsGonnaOwnSatan 11-10-2008 03:23 AM

cmd and regedit wont work!
 
Halp! whenever i try to open cmd, i get a message saying that 'it cant be found'! the same thing happens with regedit! i havnt been messing around the windows folder, and i havnt used these tools in a while.

here are some screenhots of the problem: (dont worry, theyre all tiny)
cmd:
http://file039a.bebo.com/9/large/200...382491879l.jpg

*click*
http://file039a.bebo.com/9/large/200...382491923l.jpg


regedit:
http://file039a.bebo.com/9/large/200...382492227l.jpg

*click*
http://file039a.bebo.com/9/large/200...382491982l.jpg

so i go into the windows folder to find it...
http://file039a.bebo.com/9/large/200...382492027l.jpg

*double click*
http://file039a.bebo.com/9/large/200...382492027l.jpg

the same with cmd:
.../system32
http://file039a.bebo.com/9/large/200...382492110l.jpg

*double click*
http://file039a.bebo.com/9/large/200...382492167l.jpg

the computer in question's specs:
xp pro sp2 (2002)
p4 2.00GHz
512mb of RAM
peculiars: has no modem or internet connection.

i have no idea why this is happening. :giveup:

Hayden Kered 11-10-2008 03:59 AM

1.) Have you tried restarting your computer?

2.) Have you scanned for viruses?

Astrotoy7 11-10-2008 03:59 PM

Have you considered posting this in the tech forum?!!

Local mods: plz move at your covenience !

mtfbwya

JesusIsGonnaOwnSatan 11-10-2008 07:01 PM

Quote:

1.) Have you tried restarting your computer?

2.) Have you scanned for viruses?
restarting does nothing. and it has no internet, so everything on it is ridiculously outdated. :(
Quote:

Have you considered posting this in the tech forum?!!

Local mods: plz move at your covenience !

mtfbwya

but i did post in the tech forum.... didnt i? where did you find the thread?

Astrotoy7 11-10-2008 11:23 PM

lolz... how bizarre.. the thread seems to be mirroring in both locations...why? I do not know!

OK>>

The very obvious culprit is the vista theme pack you have installed on it. Is it the 'Vista Transformation Pack' - was it done recently? Trojans hidden into are often responsible for corrupting these files, often replacing them with surrogates cmd.com and regedit.com

There are numerous ways to go about it. Rather than throw a bunch of solutions at you >> check this first
Start>run>cmd.exe do the same for regedit with regedit.exe

what happens?


mtfbwya

JesusIsGonnaOwnSatan 11-12-2008 01:36 AM

ah, but its not the vista transformation pack. what i have is merely a theme for xp. its 'vista-esque,' but not like the actual thing. its a bit different.
.exe didnt work for either of them :( same problem.
i had this problem before i got the theme.

Det. Bart Lasiter 11-12-2008 02:12 AM

run chkdsk and see if there's any bad sectors on your hd

Astrotoy7 11-12-2008 09:46 AM

OK Jesus :D

we'll leave rooting out the cause for the moment ;) Just be aware that trojans get bundled in with popular downloads if downloaded from 'dubious places' ;)

in any event > try this > find the application files as you listed in your first post. When you right click regedit and cmd > under properties are they listed as .exe application files or .com files ?? They should be .exe files as in this example below

http://i215.photobucket.com/albums/c...y7/regedit.png

also, have you run an adware/spyware/virus scan so far ? Even If that particular pc is not directly connected to the net, it is still vulnerable if youve installed program/apps or transferred files onto it from external sources. A friend of mine recently got a virus infected file on a usb stick which he unwittingly spread around :p

also, from the run prompt, can you also start the taskmanager?

start>run>taskmgr

let us know how it goes

astro

JesusIsGonnaOwnSatan 11-13-2008 04:49 AM

Quote:

run chkdsk and see if there's any bad sectors on your hd
i ran chkdsk (start>run>chkdsk) and it scanned, found nothing and disappeared.
http://file046a.bebo.com/15/large/20...407263066l.jpg
i tried chkdsk C: /r and this happens:
http://file046a.bebo.com/15/large/20...407263013l.jpg
so i restart, it tries to scan, and says "volume in use by another process", and doesnt scan, and continues with the startup.
chkdsk /f:
http://file046a.bebo.com/15/large/20...407263030l.jpg
this time when it restarts, it does nothing about it. weird.
Quote:

in any event > try this > find the application files as you listed in your first post. When you right click regedit and cmd > under properties are they listed as .exe application files or .com files ?? They should be .exe files as in this example below
both are apps:
http://file046a.bebo.com/15/large/20...407263039l.jpg
http://file046a.bebo.com/15/large/20...407263054l.jpg

Quote:

also, from the run prompt, can you also start the taskmanager?
yeah it runs.

im pretty sure there must be a virus/trojan on my comp, but since i dont have a modem, i ran a scan on an ancient and ridiculously outdated avg, and it yielded no results. :/

Astrotoy7 11-13-2008 08:21 AM

hehe - the exe extension is missing on those :)

enable filetype extensions to see what extension they have now.

In case you dont know how to do this: (IIRC in xp)
Open any folder>Tools>Folder options>view>
uncheck "hide exensions for known filetypes" this makes everything display with its filtype. eg. regedit.exe

mtfbwya

Det. Bart Lasiter 11-13-2008 02:29 PM

Quote:

Originally Posted by Astrotoy7 (Post 2552987)
hehe - the exe extension is missing on those :)

xp doesnt display the extension in the properties window if hide extensions for known file types is checked. and if it didnt use the exe extension it probably wouldnt even display the embedded ico in explorer.

JesusIsGonnaOwnSatan 11-13-2008 10:33 PM

Quote:

hehe - the exe extension is missing on those

enable filetype extensions to see what extension they have now.
heh, oops. :animelol:
cant beleive i missed that.

unchecking doesnt do anything in the properties, but it shows them as exes in windows explorer.
http://file046a.bebo.com/13/large/20...413250031l.jpg
http://file046a.bebo.com/13/large/20...413250042l.jpg
http://file046a.bebo.com/13/large/20...413250023l.jpg
http://file046a.bebo.com/13/large/20...413250029l.jpg

Astrotoy7 11-14-2008 08:24 AM

Quote:

Originally Posted by jmac7142 (Post 2553097)
xp doesnt display the extension in the properties window if hide extensions for known file types is checked. and if it didnt use the exe extension it probably wouldnt even display the embedded ico in explorer.

lolz... Youve never met W32.Alcra.A? anyone who has run p2p like limewire or kazza without protection meets this gem, or one of its relatives :D (also sneaks in with files that have done the rounds on p2p.) I met it many times in the ole days :p

@ Jesus >

OK. we've establised that they are not .com files... next !

1. Run the System File Checker to check and reinstate important system files it identifies as being corrupt. You will most likely need original xp disc if it cant find valid backups of the system files it wants to restore hence

To do this start>run and type in
sfc /scannow

This command will immediately start the Windows File Protection(WFP) service to scan all protected files, replacing any files with which it finds a problem.

read this page for further detail and instructions about SFC

2. Try an offline malware/antivirus program(ie. you downloan it elsewhere and bring it over to you offline pc)
A commonly used one is the Sysclean Utility fromn Trend Micro. Make sure you download the version for nijn TrendMicro customers. and read the text fiel listed belowit for instructions.

If that doesnt work

(backup anything hugely important on this pc if you want to do this)

3. Try an xp repair install. If you are not sure what that is here is a newbie user friendly How to I dug up for you ;)

** I am curious though Jesus, what is that altered theme - what app is it running from (eg, windows blinds?) and more importantly, where did it come from? Its just that its remarkably likely for that to be the culprit as the file that allowed the bug to hitch a ride onto your offline pc.... :)

Good luck :)

mtfbwya

JesusIsGonnaOwnSatan 11-15-2008 11:52 PM

Quote:

lolz... Youve never met W32.Alcra.A? anyone who has run p2p like limewire or kazza without protection meets this gem, or one of its relatives (also sneaks in with files that have done the rounds on p2p.) I met it many times in the ole days
hmm could be that. ive used limewire before

Quote:

OK. we've establised that they are not .com files... next !
i should point out: i think that i tried running cmd through start>accessories>command prompt once, and i think it came up as .com... im not sure. but now it doesnt run at all.

i ran sfc and its asking me for the os cd...
that computer of mine is an ex office computer, and when i got it i got the computer, a mouse, and a keyboard. no xp cd!
the os is completely legal, its just that i dont have the cd. :/

now im 98% sure theres a bug in that comp of mine. i have a usb flash drive that i use to shuttle files from an online comp to my one. i took it with me to a friend's place and when he stuck it in his computer, his norton popped up saying there was a trojan on my flash drive. his norton put it in quarantine. all the threat meters were at maximum, saying it was a very dangerous. :eyepop the trojan was in a file called autorun.pif
whenever i stick the drive into my vista, as always it asks me what to do with the drive. included in the options is run autorun.pif, which of course i never click. i tried scanning it with avg, and it didnt come up with anything. now, i just formatted my stick just to make sure, before using it to transfer the trend micro scanner. and now autorun.pif isnt there anymore. i always keep avg, spybot, and windows updated, but they didnt pick it up.
the question is, is this bug the culprit for messing with cmd and regedit?

[edit] ok, now im 100% sure that bug is on the offline comp... i just put the three files for sysclean on the usb stick right after formatting, and stuck it in the offline comp, opened up the drive, and there were the three sysclean files... and a random fourth folder called "recorded TV"
(wth?!!) when i stuck back into the online comp (which is a laptop btw... its easier to say) and lo and behold, autorun.pif is an option again! so i deleted the sysclean on my computer(which i shall call the IBM, because its an IBM and its also less tedious to say) and formatted the usb stick on the laptop again, looked to make sure there was nothing in it, put it back in the IBM, then back to the laptop and autorun.pif is back. it seems to be put on the moment the drive is insertes into the infected computer.
*horror*

ok, i ran the scanner it scanned, and it found 3 files with viruses. it was set to automitacally fix problems so the bug is gone? not sure.should i attach the log file?
hmm, im lookin at the logfile and i think i have the winxp dll folder already on my IBM... ill have to check.
but i still need regedit to make it work lol.

Quote:

3. Try an xp repair install. If you are not sure what that is here is a newbie user friendly How to I dug up for you
lol im not a noob, ;) but i suppose i come off as one with all those screenshots and all... actually, i dont usually do that. i just feel sreenie happy right now :lol: hmm, in kotor terms id be like, a lvl 12 computer geek or something. (lvl cap 20)
but its good the tutorial for noobs: i havnt done it before and simpler is always better. ususally id google the problem, get referred to some forum and follow instructions etc. but since LF has its own tech forum, and also sometimes when you google you dont find the exact same problem as yours, i went with LF. (and to test you guys out :lol:)
;)


Quote:

** I am curious though Jesus, what is that altered theme - what app is it running from (eg, windows blinds?) and more importantly, where did it come from? Its just that its remarkably likely for that to be the culprit as the file that allowed the bug to hitch a ride onto your offline pc....
its a them from deviantart. i actually found out about it from here.(scroll down to "give xp that vista look")
i used uxpatcher. it says if you want the original file back, just run the patcher again.

Astrotoy7 11-18-2008 08:03 AM

not having the original OS CD sucks. Its always good to have one around ;)

If offline virus cleaning doesnt fix it, your best bet is a repair install.

No chance of connecting the pcs via LAN and using ICS?

mtfbwya

JesusIsGonnaOwnSatan 11-18-2008 05:41 PM

Quote:

not having the original OS CD sucks. Its always good to have one around
tell me about it. lol. but i have the i386 folder on the comp, and a friend told me i could stick in on a cd and use that for WFP...
ill have to unpatch the ux dll before though.
Quote:

No chance of connecting the pcs via LAN and using ICS?
share the connection? whenever i try, it never connects properly. always 'limited or no connectivity'. the last time i tried doing that,(which was last year i think) i was ripping my hair out trying to fix that problem. i still havnt. :ball:

so i think ill try putting i386 onto a cd and see what happens.

JesusIsGonnaOwnSatan 11-23-2008 02:35 AM

i wasnt able to do anything about the problem thanks to circumstances till today.
i found a guide to create a boot cd from the i386 folder, and oh, what a wonderfully tedious process. :dozey:
and guess what? i found the virus on another xp of mine! yippee! home edition this time. shouldve expected this really.

this is gonna take some time

ill update on any new developments :thumbsup:

Astrotoy7 11-23-2008 07:03 AM

if anyone can solve it, Jesus can ;)

mtfbwya

JesusIsGonnaOwnSatan 02-03-2009 01:53 AM

ok. so ive been dealing with this problem with a nice dose of procrastination until now...

i just found another victim on that idiot trojan's hitlist: msconfig. gah, with all these utilities gone, it doesnt matter if the virus has been thrown out (which i think it has been), i need to repair the files!
to do that i need the xp cd, which i dont have. i386 seems to be the answer, but ive lost the guide that i found to create a setup disc put of it.
astro, when you mentioned sfc, that was to repair the messed up cmd and regedit utilities, right? ive heard i can make sfc use i386 as the source to make repairs... but ive also heard that the way do that is through regedit, which is dead. is there any other way to do this?

you also asked me if i could use internet connection sharing... i just got that problem solved and i can use my laptop to connect my ibm to the interwebs. what were you intending with it?

Astrotoy7 02-04-2009 10:35 AM

lolz...if im reading this and the other thread correctly, you have now connected the old pc and that is giving you endless trouble after you tried to upgrade your AV software.

You really need to get your hands on an xp disc... ;)

mtfbwya

JesusIsGonnaOwnSatan 02-04-2009 07:18 PM

yuppers. gosh, what a time to NOT have the xp cd... next time im not gonna let them not give me a cd... :firemad:

JesusIsGonnaOwnSatan 05-15-2009 07:01 AM

alright, some new developments: i found the xp cd for my xp home comp that also had the virus and corrupted utilities. it was buried under piles of stuff in a drawer somewhere. thankfully, it was in my special box where i keep all my driver cds! which means that im home free -- time to reinstall! :emodanc:

ive gathered all important files into one backup folder which i shall then put on another hard drive which i shall stick in the comp.

but i have a question: can the virus jump to the new hd like it does to usb flash drives? because in that case, i'll have to stick a cd writer drive in and use cds to back the files up...

regardless, im going to have to blast the disk(s) with an arsenal of anti-baddie software before i copy the files to the new install


All times are GMT -4. The time now is 10:21 PM.

Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
LFNetwork, LLC ©2002-2011 - All rights reserved.