cmd vs command

[kramer.newsreader]

When I type 'cmd' into the run dialog, I get the following error:

'C:\WINDOWS\system32\cmd.com

The NTVDM CPU has encountered an illegal instruction.'

Then it gives the register dump:

CS:0551 IP:9c3f OP:0f 04 00 10 04

The command 'command' works fine, but this has broken several
installation scripts.

Is there a way to fix this without reinstalling?

 

[Wesley Vogel]

You have a trojan/virus/worm.

cmd.com is *NOT* an XP file, it's added by a trojan/worm/virus.

Update your antivirus software and run a complete scan.

Do the same for whatever anti-spyware applications that you have.

Also Known As: W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]

[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also drops
the following files in the Windows system folder:

CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM

These files contain the string MZ so that this worm can disable the
following Windows tool applications:

CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In