WinXP cmd shell window problem
A weird thing kept me occupied my whole saturday and prompted me to write about it so that others facing the same may benefit from the fix.
I was eagerly looking forward to my weekend so that I could try out few things.. testing Java localization features being one of them. Now I did give it a try over the week at work but couldn't do much. Anyways, my work needed me to execute the following command from a shell.
$ java -jar $JAVA_HOME/demo/jfc/Font2DTest/Font2DTest.jar
Let me tell you about the Operating Systems I use. I use Fedora Linux at work and have Windows XP on my laptop. So on a fine Saturday morning in order to execute the above comand, I tried to invoke the Windows XP cmd shell as follows:
(a)
Start -> Run -> cmd
Now I've done this many times in the past but this morning it behaved in a weird manner. The cmd shell window would appear for a brief moment but terminate automatically ! 
Well the first thing I did (besides cursing Windows) was to quickly update my virus definitions and scan my system. This didn't show any virus or infected files. I did a quick google search with the following keywords:
Windows XP, cmd not working
Windows XP, unable to open command prompt
cmd shell terminating automatically
My search didn't yield any fruitful results so decided to investigate into the problem. I tried to execute the cmd.exe directly i.e.
(b)
I browsed to the C:\WINDOWS\system32\ and double-clicked cmd.exe
- Now this did bring up the window!
(MAKE SURE to unhide system files if you wan't the windows explorer to show you files under the C:\WINDOWS\system32\ directory i.e. Tools->Folder Options-> UNCHECK Hide System files)
I tried to execute the cmd shell again using approach (a) but found the same problem !
After trying out the above two approaches multiple times, I observed that with
(b) the shell window has the title - C:\WINDOWS\system32\cmd.exe while with
(a) for the brief moment that the window appears, has the title -
C:\WINDOWS\system32\cmd.COM
I found that C:\WINDOWS\system32\ directory has 2 files named cmd - cmd.exe and cmd.com . I renamed cmd.com to cmd.com_ and then tried approach (a)
Voila! This time it did work.
I did a google search to find the cause of the problem and learnt that my system was infected with the WORM_ALCAN.A virus, which somehow wasn't getting picked by my Anti-Virus utility (Norton). This virus (among various other things) drops the following files in C:\WINDOWS\system32\
Since .COM files have a higher priority over their .EXE counterparts, it disables the execution of the .EXE files.
I realised that NETSTAT and other files were infected too and needless to say I straightaway removed these .COM malicious files.
Learn more about it at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T
Well.. this pretty much brings my Saturday to an end.. I sincerely hope nothing goes wrong tomorrow and I continue with my plans.
Posted at 11:48PM Aug 26, 2006 by Abhishek Mahanty in Misc | Comments[10]
| Archives | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Feeds | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Links | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Blogs | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Technorati | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Referrers | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Today's Page Hits: 46 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Posted by JMurray on August 31, 2006 at 06:10 AM IST #
Posted by JPD on September 16, 2006 at 07:17 PM IST #
Posted by zahir on October 11, 2006 at 08:14 PM IST #
Posted by sanj on December 13, 2006 at 11:00 AM IST #
Posted by kdawg on February 23, 2007 at 07:46 AM IST #
Posted by jai on May 05, 2007 at 01:50 PM IST #
Posted by jayson on July 27, 2007 at 08:50 AM IST #
Oh man my cmd had the same problem... i was getting really frustrated but it works now thanks
Posted by David on August 23, 2007 at 02:02 AM IST #
^^^^^^^^^
Not necessarily Jayson.. what many AV's fail to do is to delete the *.com files (probably a failsafe)
Run the AV to clean up the 'run' entries and the TSR properties of the virus and then delete the *.com files manually.
viruses like this would be pointless if they modded those system files, as SFC would inevitably flag them.. but by inserting a "non" system file that takes advantage of Windows preference of *.com files, SFC is none the wiser.
Good article, i re-ran across this issue today and forgot the fix.
Thanks
Posted by junkbox on October 25, 2007 at 04:17 AM IST #
Hi, thanks a lot for taking your Saturday time to write this post. I had slightly different problem and your article lead me to finding a solution. I was using shortcut to access cmd and it was pointing to smth weird, that only resembled cmd.
Posted by AK on November 19, 2008 at 12:37 AM IST #