A weird thing kept me occupied my whole saturday and prompted me to write about it so that others facing the same may benefit from the fix.
I was eagerly looking forward to my weekend so that I could try out few things.. testing Java localization features being one of them. Now I did give it a try over the week at work but couldn’t do much. Anyways, my work needed me to execute the following command from a shell.
$ java -jar $JAVA_HOME/demo/jfc/Font2DTest/Font2DTest.jar
Let me tell you about the Operating Systems I use. I use Fedora Linux at work and have Windows XP on my laptop. So on a fine Saturday morning in order to execute the above comand, I tried to invoke the Windows XP cmd shell as follows:
(a)
Start -> Run -> cmd
Now I’ve done this many times in the past but this morning it behaved in a weird manner. The cmd shell window would appear for a brief moment but terminate automatically ! 😦
Well the first thing I did (besides cursing Windows) was to quickly update my virus definitions and scan my system. This didn’t show any virus or infected files. I did a quick google search with the following keywords:
Windows XP, cmd not working
Windows XP, unable to open command prompt
cmd shell terminating automatically
My search didn’t yield any fruitful results so decided to investigate into the problem. I tried to execute the cmd.exe directly i.e.
(b)
I browsed to the C:\WINDOWS\system32\ and double-clicked cmd.exe
– Now this did bring up the window!
(MAKE SURE to unhide system files if you wan’t the windows explorer to show you files under the C:\WINDOWS\system32\ directory i.e. Tools->Folder Options-> UNCHECK Hide System files)
I tried to execute the cmd shell again using approach (a) but found the same problem !
After trying out the above two approaches multiple times, I observed that with
(b) the shell window has the title – C:\WINDOWS\system32\cmd.exe while with
(a) for the brief moment that the window appears, has the title –
C:\WINDOWS\system32\cmd.COM
I found that C:\WINDOWS\system32\ directory has 2 files named cmd – cmd.exe and cmd.com . I renamed cmd.com to cmd.com_ and then tried approach (a)
Voila! This time it did work.
I did a google search to find the cause of the problem and learnt that my system was infected with the WORM_ALCAN.A virus, which somehow wasn’t getting picked by my Anti-Virus utility (Norton). This virus (among various other things) drops the following files in C:\WINDOWS\system32\
- CMD.COM
- NETSTAT.COM
- PING.COM
- REGEDIT.COM
- TASKKILL.COM
- TASKLIST.COM
- TRACERT.COM
Since .COM files have a higher priority over their .EXE counterparts, it disables the execution of the .EXE files.
I realised that NETSTAT and other files were infected too and needless to say I straightaway removed these .COM malicious files.
Learn more about it at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T
Well.. this pretty much brings my Saturday to an end.. I sincerely hope nothing goes wrong tomorrow and I continue with my plans.
Abhishek Mahanty's Blog 