NTVDM CPU has encountered an illegal instruction

Guest

I am trying to set up port forwarding and I need to access the command.com.
When I go to the start-run and type in cmd I get a msg box labeled 16 bit
MS-DOS subsystem that says:

C:\WINDOWS\system32\cmd.com
The NTVDM CPU has encountered an illegal instruction.
CS:9fff IP:0054 OP:db ff ff c3 e7 Choose 'Close' to terminate the application

I have Windows XP Service Pack 2 and have previously used Webroot for
spyware. I am not sure if it didn't properly delete a file or what not. But
can anyone help me resolve this issue?
 
Wesley Vogel

You also have a virus/trojan/worm. cmd.com is *NOT* an XP file.

UPDATE your antivirus software and run a full system scan.

UPDATE whatever anti-spyware applications that you have and run a full
system scan with each one.

You might want to start in Safe Mode to run your antivirus and anti-spyware
software.

Running a full system antivirus scan or anti-spyware scan in Safe Mode can
be a good idea. Some viruses and other malware like to conceal themselves
in areas Windows protects while using them. Safe mode will prevent those
applications access and therefore unprotect the viruses or other malware
allowing for easier removal.

How to start Windows in Safe Mode Windows XP
http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo

---------------

You have a trojan/virus/worm. cmd.exe is not part of the 16 bit MS-DOS
Subsystem. autoexec.nt and config.nt have nothing to do with cmd.exe.

When you type cmd in the Start | Run box, XP finds cmd.com instead of
cmd.exe. When a command is typed without an extension, XP looks for the
.com extension first before it looks for the .exe extension, if it finds
cmd.com, it will not even look for cmd.exe. Because XP finds cmd.com XP
thinks that it needs autoexec.nt and config.nt to run cmd.com.

cmd.com is *NOT* an XP file, it's added by a trojan/worm/virus.

If you were to type cmd.exe in the Start | Run box, cmd.exe might open if
the trojan/worm/virus hasn't rendered it useless.

Update your antivirus software and run a complete scan.

Update whatever anti-spyware applications that you have and run a full
system scan with each one.

Also Known As: W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]

[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also drops
the following files in the Windows system folder:

CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM

These files contain the string MZ so that this worm can disable the
following Windows tool applications:

CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
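
Added example, not part of the original thread: a Python check for the condition the answer above describes, a `.com` file that sits next to a same-named `.exe` and wins name resolution. The extension order follows the default Windows PATHEXT (`.COM` before `.EXE`); the function names and the sample folder contents are constructed for illustration, and the folder to scan (for example a mounted copy of the system folder) is an assumption.

```python
import os
import tempfile

# Assumed search order: default Windows PATHEXT starts .COM;.EXE;.BAT;.CMD
PATHEXT = [".com", ".exe", ".bat", ".cmd"]

def resolve(directory, command, pathext=PATHEXT):
    """Return the file a bare command name resolves to inside one folder."""
    names = {n.lower(): n for n in os.listdir(directory)}
    for ext in pathext:
        hit = names.get(command.lower() + ext)
        if hit:
            return hit
    return None

def find_shadowed_tools(directory):
    """List .com files that share a base name with a .exe in the same folder.

    Each finding is (com_file, shadowed_exe, starts_with_mz). Legitimate
    .com tools with no .exe twin (more.com, for instance) are not reported.
    """
    names = {n.lower(): n for n in os.listdir(directory)}
    findings = []
    for lower, real in sorted(names.items()):
        base, ext = os.path.splitext(lower)
        if ext != ".com" or base + ".exe" not in names:
            continue
        with open(os.path.join(directory, real), "rb") as fh:
            starts_with_mz = fh.read(2) == b"MZ"
        findings.append((real, names[base + ".exe"], starts_with_mz))
    return findings

def build_sample_dir():
    """Constructed sample folder standing in for a system folder."""
    d = tempfile.mkdtemp()
    samples = [("cmd.exe", b"MZ\x90\x00"), ("CMD.COM", b"MZ\x00\x00"),
               ("ping.exe", b"MZ\x90\x00"), ("more.com", b"\xe9\x00\x00")]
    for name, data in samples:
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

if __name__ == "__main__":
    sample = build_sample_dir()
    print("cmd resolves to:", resolve(sample, "cmd"))
    for com, exe, mz in find_shadowed_tools(sample):
        print(f"{com} shadows {exe} (MZ header: {mz})")
```

A finding only says that a bare command name no longer reaches the `.exe`; the antivirus scan recommended above still decides what the `.com` file is.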
