Windupdater is not the only baddie, can also be caused by these...
W32.Alcan.A, Win32.Alcan.A [Computer Associates], P2P-Worm.Win32.Alcan.a
[Kaspersky Lab], W32/Alcan.worm!p2p [McAfee], W32/Alcra-A [Sophos],
WORM_ALCAN.A [Trend Micro]
[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also drops
the following files in the Windows system folder:
CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM
These files contain the string MZ so that this worm can disable the
following Windows tool applications:
CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T
Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html
Seeing this quite a bit lately...
You have a virus. cmd.com is *NOT* an XP file.
You have a trojan/worm/virus. cmd.exe is not part of the 16 bit MS-DOS
Subsystem. autoexec.nt and config.nt have nothing to do with cmd.exe.
When you type cmd in the Start | Run box, XP finds cmd.com instead of
cmd.exe. When a command is typed without an extension, XP looks for the
..com extension first before it looks for the .exe extension, if it finds
cmd.com, it will not even look for cmd.exe. Because XP finds cmd.com XP
thinks that it needs autoexec.nt and config.nt to run cmd.com.
cmd.com is *NOT* an XP file, it's added by a trojan/worm/virus.
If you were to type cmd.exe in the Start | Run box, cmd.exe might open if
the trojan/worm/virus hasn't rendered it useless.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In