need file

Dave Lawrence

missing the file cmd32.exe from the /system32 folder
after virus infection. Could someone send me a copy?

Thanks
 
David H. Lipman

It most likely "IS" the infector, not a valid XP file.

Dave



| missing the file cmd32.exe from the /system32 folder
| after virus infection. Could someone send me a copy?
|
| Thanks
 
Carey Frisch [MVP]

Remove remnants of KWBot.Worm from the Registry and File System
http://www.dougknox.com/xp/scripts_desc/xp_clean_kwbot.htm

This worm causes an error message that "CMD32.EXE" cannot be found on startup.
The error message may also be that "system32.exe" cannot be found.

Note: You'll have to disable your antivirus program before running the repair.

[Courtesy of MS-MVP Doug Knox]

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

------------------------------------------------------------------------------------


| missing the file cmd32.exe from the /system32 folder
| after virus infection. Could someone send me a copy?
|
| Thanks
 
David H. Lipman

Assuming it is the "W32/Kwbot.worm" !

It could be the GAObot, SDbot or Randex.AMA worms, which also use CMD32.EXE as the name of
the infector.
"W32/Gaobot.worm.gen.e" -- http://vil.nai.com/vil/content/v_101447.htm
"W32/Gaobot.worm.ali" -- http://vil.nai.com/vil/content/v_125006.htm
"W32/Kwbot.worm" -- http://vil.nai.com/vil/content/v_99555.htm
"W32.Kwbot.C" --
http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.c.worm.html
"W32.Randex.AMA" --
http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.ama.html
"Backdoor.Sdbot" --
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html

If it is the SDBot here are the removal directions...

Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/

1) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot the PC into Safe Mode
3) Using McAfee Stinger, perform a Full Scan of the platform and clean/delete any
infectors found
4) Restart the PC and perform a "final" Full Scan of the affected platform
5) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
6) Reboot the PC.
7) Create a new Restore point


In any case, shutting down one's AV software to remove an infector is CONTRAINDICATED for any
novice.

That's one reason I don't like quoting another's information. It needs to be firsthand
knowledge and not parroting another's information.

That's another reason why the OP should go to one of the following News Groups...

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

I see too much mis-information in MS OS News groups concerning infectors and not enough
actual research (Google searches DON'T count - only AV libraries/encyclopaedias)

Dave





| Remove remnants of KWBot.Worm from the Registry and File System
| http://www.dougknox.com/xp/scripts_desc/xp_clean_kwbot.htm
|
| This worm causes an error message that "CMD32.EXE" cannot be found on startup.
| The error message may also be that "system32.exe" cannot be found.
|
| Note: You'll have to disable your antivirus program before running the repair.
|
| [Courtesy of MS-MVP Doug Knox]
|
| --
| Carey Frisch
| Microsoft MVP
| Windows XP - Shell/User
|
| Be Smart! Protect your PC!
| http://www.microsoft.com/security/protect/
|
| ------------------------------------------------------------------------------------
|
| |
| | missing the file cmd32.exe from the /system32 folder
| | after virus infection. Could someone send me a copy?
| |
| | Thanks
 
Miss Perspicacia Tick

Dave said:
| missing the file cmd32.exe from the /system32 folder
| after virus infection. Could someone send me a copy?
|
| Thanks

Just reinstall the virus and you'll be fine... ;o)
 
Bruce Chambers

Greetings --

You don't want that file. CMD32.exe *is* the virus; it's
certainly not a valid Windows system file. Pay particular attention
to _all_ of the removal instructions:

W32.Kwbot.C.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.c.worm.html

Additionally, MS-MVP Doug Knox has kindly scripted a tool that
should help:
http://www.dougknox.com/xp/scripts_desc/xp_clean_kwbot.htm


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 
Ken Blake

In
Dave Lawrence said:
| missing the file cmd32.exe from the /system32 folder
| after virus infection. Could someone send me a copy?


You don't want it back. It's the virus you deleted. You're now
left with a reference to it that you also need to remove.

See www.dougknox.com, Win XP Fixes, Clean KWBot.Worm Registry
entries.
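
The leftover startup reference described in the reply above can be located with a read-only audit. This is an added example, not part of the thread and not Doug Knox's script; it assumes Windows PowerShell 2.0 or later and that the reference sits in the standard Run/RunOnce keys, which the thread does not state.

```powershell
# Added example: read-only audit of autostart (Run/RunOnce) registry values.
# Flags values whose target file no longer exists, and values that use the
# file names mentioned in this thread. It reports only; it deletes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$namesFromThread = @('cmd32.exe', 'system32.exe')

function Get-CommandTarget([string]$CommandLine) {
    # Extract the executable from a Run value: quoted path, or first token.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif|dll))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Test-TargetExists([string]$Target) {
    if ([IO.Path]::IsPathRooted($Target)) { return (Test-Path -LiteralPath $Target) }
    # Bare file name: resolved through PATH, which includes System32.
    return [bool](Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue)
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if (-not $data) { continue }
        $target = Get-CommandTarget $data
        $leaf   = [IO.Path]::GetFileName($target).ToLower()
        $reason = @()
        if (-not (Test-TargetExists $target)) { $reason += 'target file missing' }
        if ($namesFromThread -contains $leaf) { $reason += 'name mentioned in thread' }
        if ($reason) {
            New-Object PSObject -Property @{
                Key = $key; Value = $valueName; Data = $data
                Reason = ($reason -join '; ')
            }
        }
    }
}
```

An entry flagged "target file missing" matches the symptom in this thread: Windows tries to launch the value at logon and reports that the file cannot be found.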
 
