You may have a trojan/virus/worm.
Are you using cmd.exe or cmd.com?
cmd.com is *NOT* an XP file. This is a file that gets added by a
trojan/virus/worm.
What happens if you type: cmd.exe in Start | Run instead of cmd?
What happens if you type: ping.exe 192.168.1.100 instead of ping
192.168.1.100?
Does regedit open if you type: regedit in Start | Run?
Update your antivirus software and run a complete scan.
Update whatever anti-spyware applications that you have and run a full
system scan with each one.
Also Known As: W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]
[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also drops
the following files in the Windows system folder:
CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM
These files contain the string MZ so that this worm can disable the
following Windows tool applications:
CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T
Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In