CMD will not run properly

Guest

Hello,
My cmd will not run properly. When I type "ping 192.168.1.100" or any other
command for that matter, it displays about 2 lines of zeros, then says: the
NTVDM CPU has encountered an illegal instruction. CS:054c IP:fff0 OP:fe ff 1d
09 30 Choose 'close' to terminate the app. Someone help!
 
Wesley Vogel

You may have a trojan/virus/worm.

Are you using cmd.exe or cmd.com?

cmd.com is *NOT* an XP file. This is a file that gets added by a
trojan/virus/worm.

What happens if you type: cmd.exe in Start | Run instead of cmd?

What happens if you type: ping.exe 192.168.1.100 instead of ping
192.168.1.100?

Does regedit open if you type: regedit in Start | Run?

Update your antivirus software and run a complete scan.

Update whatever anti-spyware applications that you have and run a full
system scan with each one.

Also Known As: W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]

[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also drops
the following files in the Windows system folder:

CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM

These files contain the string MZ so that this worm can disable the
following Windows tool applications:

CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

Pegasus (MVP)

Nublet said:
Hello,
My cmd will not run properly. When I type "ping 192.168.1.100" or any other
command for that matter, it displays about 2 lines of zeros, then says: the
NTVDM CPU has encountered an illegal instruction. CS:054c IP:fff0 OP:fe ff 1d
09 30 Choose 'close' to terminate the app. Someone help!

Your machine is most likely infected with spyware or
with a virus. It placed some garbage commands on your
PC that are now invoked instead of the real thing. How
good is your virus protection?

Have a look at the folders c:\Windows and c:\Windows\System32.
You will most likely find some files such as cmd.com or ping.com.
Get rid of them - the correct commands are cmd.exe and ping.exe.
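
Added example, not part of the original thread: with the default PATHEXT order, Windows tries .COM before .EXE when a command is typed without an extension, which is why the dropped ping.com ran instead of ping.exe. This Python sketch lists every such shadowing pair in a folder (any two PATHEXT extensions, not only .com/.exe); the sample folder and its file contents are constructed, and the function names are this example's own.

```python
import os
import tempfile

# Start of the default Windows PATHEXT value: .COM is tried before .EXE,
# so "ping" resolves to ping.com when both exist in the same folder.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD"


def find_shadowing(folders, pathext=DEFAULT_PATHEXT):
    """Return sorted (folder, winner, shadowed) tuples for every base name
    present with two PATHEXT extensions in one folder. The winner is the
    file that runs when the command is typed without an extension."""
    order = [ext.lower() for ext in pathext.split(";") if ext]
    findings = []
    for folder in folders:
        by_stem = {}
        for name in os.listdir(folder):
            stem, ext = os.path.splitext(name)
            if ext.lower() in order and os.path.isfile(os.path.join(folder, name)):
                by_stem.setdefault(stem.lower(), []).append(name)
        for names in by_stem.values():
            names.sort(key=lambda n: order.index(os.path.splitext(n)[1].lower()))
            for shadowed in names[1:]:
                findings.append((folder, names[0], shadowed))
    return sorted(findings)


def starts_with_mz(path):
    """True if the file begins with 'MZ', the DOS/Windows executable marker
    (the quoted write-up says the dropped .COM files contain this string)."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def build_sample_folder():
    """Constructed sample: a stand-in for System32 with two planted .com files."""
    root = tempfile.mkdtemp(prefix="sys32_sample_")
    for name in ("cmd.exe", "ping.exe", "regedit.exe", "ping.com", "cmd.com", "mode.com"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 14)  # constructed bytes, not real binaries
    return root


if __name__ == "__main__":
    # On a real machine, pass r"C:\Windows" and r"C:\Windows\System32" instead.
    sample = build_sample_folder()
    for folder, winner, shadowed in find_shadowing([sample]):
        has_mz = starts_with_mz(os.path.join(folder, winner))
        print(f"{winner} shadows {shadowed} in {folder} (MZ header: {has_mz})")
```

A .com file with no same-named .exe beside it (mode.com in the sample) is not reported, so the output is limited to names where the typed command would resolve to something other than the .exe.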
 
Guest

Yeah, guys. Thank you. When I typed the 'exe' after the files, they worked.
So I'm running a full 'deep scan' as we speak. Should take care of the
problem. Thanks again.
 
Pegasus (MVP)

Nublet said:
Yeah, guys. Thank you. When I typed the 'exe' after the files, they worked.
So I'm running a full 'deep scan' as we speak. Should take care of the
problem. Thanks again.

Not necessarily. The bogus files may be duds but they
may not be infected with a virus, in which case your virus
scanner may not detect them. Get rid of them manually!
 
Wesley Vogel

Because 192.168.1.100 is probably an intranet address on a home network not
an internet address.

[[Private Addresses
There are also blocks of IP addresses that are set aside for internal
private use for computers not directly connected to the Internet. These IP
addresses are not supposed to be routed through the Internet, and most
service providers will block the attempt to do so. These IP addresses are
used for internal use by company or home networks that need to use TCP/IP
but do not want to be directly visible on the Internet. These IP ranges are:
192.168.0.0 through 192.168.255.255 ]]
from...
IP addresses Explained
http://www.bleepingcomputer.com/tutorials/tutorial37.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
