Archive for the ‘Windows’ Tag

WinXP cmd shell window problem

A weird thing kept me occupied my whole saturday and prompted me to write about it so that others facing the same may benefit from the fix.

I was eagerly looking forward to my weekend so that I could try out few things.. testing Java localization features being one of them. Now I did give it a try over the week at work but couldn’t do much. Anyways, my work needed me to execute the following command from a shell.


$ java -jar $JAVA_HOME/demo/jfc/Font2DTest/Font2DTest.jar

Let me tell you about the Operating Systems I use. I use Fedora Linux at work and have Windows XP on my laptop. So on a fine Saturday morning in order to execute the above comand, I tried to invoke the Windows XP cmd shell as follows:

(a)

Start -> Run -> cmd

Now I’ve done this many times in the past but this morning it behaved in a weird manner. The cmd shell window would appear for a brief moment but terminate automatically ! 😦

Well the first thing I did (besides cursing Windows) was to quickly update my virus definitions and scan my system. This didn’t show any virus or infected files. I did a quick google search with the following keywords:


Windows XP, cmd not working
Windows XP, unable to open command prompt
cmd shell terminating automatically

My search didn’t yield any fruitful results so decided to investigate into the problem. I tried to execute the cmd.exe directly i.e.

(b)

I browsed to the C:\WINDOWS\system32\ and double-clicked cmd.exe

– Now this did bring up the window!

(MAKE SURE to unhide system files if you wan’t the windows explorer to show you files under the C:\WINDOWS\system32\ directory i.e. Tools->Folder Options-> UNCHECK Hide System files)

I tried to execute the cmd shell again using approach (a) but found the same problem !

After trying out the above two approaches multiple times, I observed that with

(b) the shell window has the title – C:\WINDOWS\system32\cmd.exe while with
(a) for the brief moment that the window appears, has the title –
C:\WINDOWS\system32\cmd.COM

I found that C:\WINDOWS\system32\ directory has 2 files named cmd – cmd.exe and cmd.com . I renamed cmd.com to cmd.com_ and then tried approach (a)

Voila! This time it did work.

I did a google search to find the cause of the problem and learnt that my system was infected with the WORM_ALCAN.A virus, which somehow wasn’t getting picked by my Anti-Virus utility (Norton). This virus (among various other things) drops the following files in C:\WINDOWS\system32\

  • CMD.COM
  • NETSTAT.COM
  • PING.COM
  • REGEDIT.COM
  • TASKKILL.COM
  • TASKLIST.COM
  • TRACERT.COM



Since .COM files have a higher priority over their .EXE counterparts, it disables the execution of the .EXE files.

I realised that NETSTAT and other files were infected too and needless to say I straightaway removed these .COM malicious files.

Learn more about it at:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

Well.. this pretty much brings my Saturday to an end.. I sincerely hope nothing goes wrong tomorrow and I continue with my plans.