CMD

[Guest]

when i try and open the command prompt it says "cmd is not a valid win32
aplication" does anyone know how to fix this

 

[Will Denny]

Hi

Try this from Start>Run

cmd /?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

 

[Alec S.]

when i try and open the command prompt it says "cmd is not a valid win32
aplication" does anyone know how to fix this

Try this as well:

cmd.exe

If cmd.exe works but cmd does not, then you probably have a file called cmd.com somewhere (in the path) which is being run instead.
You will really want to find it and delete it since it's most likely to be bad.

 

[Will Denny]

Hi

I've never come across cmd.com - only cmd.exe. Where did you hear about
cmd.com?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

when i try and open the command prompt it says "cmd is not a valid win32
aplication" does anyone know how to fix this

Try this as well:

cmd.exe

If cmd.exe works but cmd does not, then you probably have a file called
cmd.com somewhere (in the path) which is being run instead.
You will really want to find it and delete it since it's most likely to be
bad.

 

[Wesley Vogel]

Will,

From my standard post on cmd.com that I have had for over a YEAR...

You have a trojan/virus/worm. cmd.com is *NOT* an XP file.

cmd.exe and command.com are legitimate Windows XP files.

You have a trojan/virus/worm. cmd.exe is not part of the 16 bit MS-DOS
Subsystem. autoexec.nt and config.nt have nothing to do with cmd.exe.

When you type cmd in the Start | Run box, XP finds cmd.com instead of
cmd.exe. When a command is typed without an extension, XP looks for the
..com extension first before it looks for the .exe extension, if it finds
cmd.com, it will not even look for cmd.exe. Because XP finds cmd.com XP
thinks that it needs autoexec.nt and config.nt to run cmd.com.

cmd.com is *NOT* an XP file, it's added by a trojan/worm/virus.

If you were to type cmd.exe in the Start | Run box, cmd.exe might open if
the trojan/worm/virus hasn't rendered it useless.

UPDATE your antivirus software and run a complete scan.

UPDATE whatever anti-spyware applications that you have and run a full
system scan with each one.

Also Known As: W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]

[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also drops
the following files in the Windows system folder:

CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM

These files contain the string MZ so that this worm can disable the
following Windows tool applications:

CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Hi

I've never come across cmd.com - only cmd.exe. Where did you hear about
cmd.com?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

when i try and open the command prompt it says "cmd is not a valid win32
aplication" does anyone know how to fix this

Try this as well:

cmd.exe

If cmd.exe works but cmd does not, then you probably have a file called
cmd.com somewhere (in the path) which is being run instead.
You will really want to find it and delete it since it's most likely to
be bad.

 

[Wesley Vogel]

From
Sat, Jun 11 2005 3:06 pm
http://groups.google.com/group/micr...y+author:vogel&rnum=31&hl=en#877c65797df5e18d

"cmd.com" author:wesley author:vogel
http://groups.google.com/groups?q="...1&as_maxd=25&as_maxm=8&as_maxy=2006&safe=off&

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Hi

I've never come across cmd.com - only cmd.exe. Where did you hear about
cmd.com?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

when i try and open the command prompt it says "cmd is not a valid win32
aplication" does anyone know how to fix this

Try this as well:

cmd.exe

If cmd.exe works but cmd does not, then you probably have a file called
cmd.com somewhere (in the path) which is being run instead.
You will really want to find it and delete it since it's most likely to
be bad.

 

[Will Denny]

Exactly. So I've got no idea why cmd.com can be a legit file.

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

 

[Wesley Vogel]

cmd.com is NOT a legit file. But if you happen to be unlucky enough to have
cmd.com, typing cmd in the Run command causes problems because cmd.exe will
NOT open. All you get is some error message about cmd.com.

Like one of these...

C:\WINDOWS\SYSTEM32\cmd.com
The NTVDM CPU has encountered an illegal instruction.CS:0549 IP:010c4 f6 06
a9 02 choose 'close' to terminate the application.

C:/WINDOWS/system32/cmd.com
C:/WINDOWS/SYSTEM32/AUTOEXEC.NT. The system file is not suitable for running
MS-DOS and Microsoft Windows applications. Choose 'close' to terminate the
application.

C:/Windows/ system32/cmd.com
The NTVDM CPU has encountered an illegal instuction. CS:0557 IP:ffe4 OP:fe
ff 1d 09 21 Choose 'close' to terminate the application;" choosing "close"
or "ignore" both cause the application to exit.

C: /WINDOWS/system32/cmd.com
C: /WINDOWS/SYSTEM32/AUTOEXEC.NT. The system file is not suitable, in order
to implement applications for MS-DOS or Microsoft Windows. Click on
"Button", in order to terminate application.

C:\WINDOWS /system32/cmd.com
Processor NTVDM met an instruction not - authorized.
CS: 0702 IP: 0122 COp: Fe FF 3b 15 80 Choose “To close” to put an end to the
application.

And cmd.exe, if rendered useless, by the trojan/virus/worm that created
cmd.com may not work at all. I have no first hand experience with that
because I have never had the trojan/virus/worm that can create those .com
programs. I.e. CMD.COM, NETSTAT.COM, PING.COM, REGEDIT.COM,
TASKKILL.COM,TASKLIST.COM and TRACERT.COM.

None of these will probably work either...
NETSTAT.EXE, PING.EXE, REGEDIT.EXE, TASKKILL.EXE, TASKLIST.EXE or
TRACERT.EXE

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Wesley Vogel]

Regarding this line...

These files contain the string MZ so that this worm can disable the
following Windows tool applications:
from....
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

It meant that the .com files mentioned have the MZ string.

I.E. CMD.COM, NETSTAT.COM, PING.COM, REGEDIT.COM, TASKKILL.COM,TASKLIST.COM
and TRACERT.COM

Com programs do not normally have the MZ string.

First line of cmd.exe...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of netstat.exe...
MZ   ÿÿ ¸ @ Ø º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of ping.exe...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of regedit.exe...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of taskkill.exe...
MZ   ÿÿ ¸ @ è º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of tasklist.exe...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of tracert.exe...
MZ   ÿÿ ¸ @ Ø º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

Since I do not have any of the above .com files because I never have had the
trojan/virus/worm that adds them, I cannot check out the MZ string that they
contain.

However, I do have Regedit.com. Added by using Doug Knox's
xp_emegencyutil.exe.

From here...
http://www.dougknox.com/xp/utils/xp_emerutils.htm

That particular file, Regedit.com is just regedit.exe renamed to
Regedit.com. So it contains...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

And that particular Regedit.com just opens as the Registry Editor.

If the MZ string is removed from any of those files above, it doesn't matter
what extension they have, they will no longer be an .exe file. They will be
treated as a .com or a .bat file.

Com programs do not have the MZ string.

For example, command.com does not have the MZ string.

From David Candy....

<quote>
A exe, dll, ocx all start with MZ (the initials of the programmer that
developed the Dos exe format - all windows executables include a dos program
before the windows program in the file - run a win prog in Dos - the message
comes from the Dos part of the program not from the OS)

(E.G. exe, scr, ocx, cpl and dll files all start with MZ - the initial of
the MS programmer that designed the Dos exe file format - all windows
programs have a dos program built in, that these days, says "this Program
Requires MS Windows if run on a Dos computer")

Programs always start with MZ, bitmaps start with BM, JPEGs will have JFIF
in the first few characters, GIF files start with GIF89a.

All program files start MZ (the initials of the programmer who 25 years ago
invented exe files).

If there is no MZ then it can't be an .exe file. It will be treated as com
or bat file.
<quote>

First line of scrnsave.scr...
MZ   ÿÿ ¸ @ Ð º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of wmp.ocx...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of access.cpl...
MZ   ÿÿ ¸ @ Ð º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of sfc.dll...
MZ   ÿÿ ¸ @ Ø º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of C:\Documents and Settings\All Users\Application
Data\Microsoft\User Account Pictures\Administrator.bmp...
BM@ @ ( 0 0
 

First line of C:\WINDOWS\Web\Wallpaper\Ascent.jpg...
ÿØÿà JFIF

H H ÿí–Photoshop 3.0 8BIMCaption

First line of C:\WINDOWS\system32\ntimage.gif...
GIF89a  ³ÿ ÿÿÿùùùòòòëëëåååßßßÔÔÔÈÈȺºº

Try it yourself. Drag notepad.exe or any other .exe, .scr, .ocx, .cpl or
..dll file onto an open notepad. Tip, pick smaller ones, they open quicker.
You won't get the hourglass.

I believe that these are the legitimate Windows XP *.com files.

In C:\WINDOWS\system32\ or %windir%\system32\

CHCP.COM (Change CodePage Utility) Displays or sets the active code page
number.
COMMAND.COM (MS-DOS Prompt) MS-DOS command interpreter.
DISKCOMP.COM (Disk Comparison Utility) Compares the contents of two floppy
disks.
DISKCOPY.COM (Disk Copy Utility) Copies the contents of one floppy disk to
another.
EDIT.COM (MS-DOS Editor)
FORMAT.COM (Disk Format Utility) Formats a disk for use with Windows XP.
GRAFTABL.COM (Graftabl Utility) Enable Windows to display an extended
character set in graphics mode.
GRAPHICS.COM (graphics for compatibility with MS-DOS files) Loads a program
that can print graphics.
KB16.COM (16-bit keyboard mapping utility, previously known as the Keyb.com
utility) Configures a keyboard for a specific language.
LOADFIX.COM (loadfix) Loads a program above the first 64K of memory, and
runs the program.
MODE.COM (DOS Device MODE Utility) Configures system devices.
MORE.COM (More Utility) Displays output one screen at a time.
TREE.COM (Tree Walk Utility) Graphically displays the folder structure of a
drive or path.
WIN.COM (WIN.COM for compatibility??? WIN.COM was the executable file
used to load Microsoft Windows 3.1, 3.11, 95 and 98. I have no idea what it
does in XP.)
NTDETECT.COM (NTDETECT detects installed hardware components when XP boots.)

You may have more legitimate .com files such as WZ.COM (WinZip running DOS
program). C:\Program Files\WinZip\WZ.COM or %programfiles%\WZ.COM

COM extension, is short for Command and is an executable file like .EXE only
smaller. Supposed to be less than 64K in size.

Where is David when you need him?


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Will,

From my standard post on cmd.com that I have had for over a YEAR...

You have a trojan/virus/worm. cmd.com is *NOT* an XP file.

cmd.exe and command.com are legitimate Windows XP files.

You have a trojan/virus/worm. cmd.exe is not part of the 16 bit MS-DOS
Subsystem. autoexec.nt and config.nt have nothing to do with cmd.exe.

When you type cmd in the Start | Run box, XP finds cmd.com instead of
cmd.exe. When a command is typed without an extension, XP looks for the
.com extension first before it looks for the .exe extension, if it finds
cmd.com, it will not even look for cmd.exe. Because XP finds cmd.com XP
thinks that it needs autoexec.nt and config.nt to run cmd.com.

cmd.com is *NOT* an XP file, it's added by a trojan/worm/virus.

If you were to type cmd.exe in the Start | Run box, cmd.exe might open if
the trojan/worm/virus hasn't rendered it useless.

UPDATE your antivirus software and run a complete scan.

UPDATE whatever anti-spyware applications that you have and run a full
system scan with each one.

Also Known As: W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]

[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also
drops the following files in the Windows system folder:

CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM

These files contain the string MZ so that this worm can disable the
following Windows tool applications:

CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Hi

I've never come across cmd.com - only cmd.exe. Where did you hear about
cmd.com?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

 

[Wesley Vogel]

<quote>
Mark Zbikowski (an early DOS programmer whose initials are in EXE files)
<quote>
Acronym Finder Search: What does MZ stand for?
http://www.acronymfinder.com/af-query.asp?Acronym=MZ&String=exact&p=ol

<quote>
Another commonly used method to identify if the program is an EXE file is
looking for the MZ string at the beginning of the EXE file header. MZ are
the initials of Mark Zbikowsky, the programmer who designed the EXE file
format.
<quote>
Tutorials - The Memory Resident Virus Primer
http://vx.netlux.org/lib/static/vdat/tumisc51.htm

<quote>
Mark Zbikowski (born March 21, 1956 in Detroit, Michigan) is a Microsoft
Architect. He started working at the company only a few years after its
inception, leading efforts in MS-DOS, OS/2, Cairo and Windows NT. In 2006 he
was honored for 25 years of service with the company, the first employee to
reach this milestone other than Bill Gates and Steve Ballmer.

He was the designer of the DOS executable file format, used in MS-DOS
executable files, and his initials grace the headers of that file format.
The magic number of this type of file is the ASCII string 'MZ' ('4D 5A' in a
disk editor, but written as: 0x5A4D in programs).
<quote>
Mark Zbikowski
http://en.wikipedia.org/wiki/Mark_Zbikowski

<quote>
The MS-DOS Header
Every PE file begins with a small MS-DOS® executable. The need for this stub
executable arose in the early days of Windows, before a significant number
of consumers were running it. When executed on a machine without Windows,
the program could at least print out a message saying that Windows was
required to run the executable.

The first bytes of a PE file begin with the traditional MS-DOS header,
called an IMAGE_DOS_HEADER. The only two values of any importance are
e_magic and e_lfanew. The e_lfanew field contains the file offset of the PE
header. The e_magic field (a WORD) needs to be set to the value 0x5A4D.
There's a #define for this value, named IMAGE_DOS_SIGNATURE. In ASCII
representation, 0x5A4D is MZ, the initials of Mark Zbikowski, one of the
original architects of MS-DOS.
<quote>
Inside Windows: An In-Depth Look into the Win32 Portable Executable File
Format -- MSDN Magazine, February 2002
http://msdn.microsoft.com/msdnmag/issues/02/02/PE/default.aspx

The error that gets displayed is:

This program cannot be run in DOS mode.

"This Program Cannot Be Run in DOS Mode" Running Windows XP Setup
http://support.microsoft.com/kb/278104

Cannot Start a Windows-Based Program from MS-DOS Prompt
http://support.microsoft.com/kb/134489

<quote>
Ever wonder why the first two bytes in a .exe are 'MZ' in ASCII.

Mark worked on the DOS loader and this legacy lives on in Portable
Executable images today!
<quote>
Mark Zbikowski - From DOS 1.0 to Windows Vista
http://channel9.msdn.com/Showpost.aspx?postid=193997

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Regarding this line...

These files contain the string MZ so that this worm can disable the
following Windows tool applications:
from....
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

It meant that the .com files mentioned have the MZ string.

I.E. CMD.COM, NETSTAT.COM, PING.COM, REGEDIT.COM,
TASKKILL.COM,TASKLIST.COM and TRACERT.COM

Com programs do not normally have the MZ string.

First line of cmd.exe...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of netstat.exe...
MZ   ÿÿ ¸ @ Ø º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of ping.exe...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of regedit.exe...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of taskkill.exe...
MZ   ÿÿ ¸ @ è º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of tasklist.exe...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of tracert.exe...
MZ   ÿÿ ¸ @ Ø º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

Since I do not have any of the above .com files because I never have had
the trojan/virus/worm that adds them, I cannot check out the MZ string
that they contain.

However, I do have Regedit.com. Added by using Doug Knox's
xp_emegencyutil.exe.

From here...
http://www.dougknox.com/xp/utils/xp_emerutils.htm

That particular file, Regedit.com is just regedit.exe renamed to
Regedit.com. So it contains...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

And that particular Regedit.com just opens as the Registry Editor.

If the MZ string is removed from any of those files above, it doesn't
matter what extension they have, they will no longer be an .exe file.
They will be treated as a .com or a .bat file.

Com programs do not have the MZ string.

For example, command.com does not have the MZ string.

From David Candy....

<quote>
A exe, dll, ocx all start with MZ (the initials of the programmer that
developed the Dos exe format - all windows executables include a dos
program before the windows program in the file - run a win prog in Dos -
the message comes from the Dos part of the program not from the OS)

(E.G. exe, scr, ocx, cpl and dll files all start with MZ - the initial of
the MS programmer that designed the Dos exe file format - all windows
programs have a dos program built in, that these days, says "this Program
Requires MS Windows if run on a Dos computer")

Programs always start with MZ, bitmaps start with BM, JPEGs will have JFIF
in the first few characters, GIF files start with GIF89a.

All program files start MZ (the initials of the programmer who 25 years
ago invented exe files).

If there is no MZ then it can't be an .exe file. It will be treated as
com or bat file.
<quote>

First line of scrnsave.scr...
MZ   ÿÿ ¸ @ Ð º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of wmp.ocx...
MZ   ÿÿ ¸ @ à º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of access.cpl...
MZ   ÿÿ ¸ @ Ð º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of sfc.dll...
MZ   ÿÿ ¸ @ Ø º ´
Í!¸
LÍ!This program cannot be run in DOS mode.

First line of C:\Documents and Settings\All Users\Application
Data\Microsoft\User Account Pictures\Administrator.bmp...
BM@ @ ( 0 0
 

First line of C:\WINDOWS\Web\Wallpaper\Ascent.jpg...
ÿØÿà JFIF

H H ÿí–Photoshop 3.0 8BIMCaption

First line of C:\WINDOWS\system32\ntimage.gif...
GIF89a  ³ÿ ÿÿÿùùùòòòëëëåååßßßÔÔÔÈÈȺºº

Try it yourself. Drag notepad.exe or any other .exe, .scr, .ocx, .cpl or
.dll file onto an open notepad. Tip, pick smaller ones, they open
quicker. You won't get the hourglass.

I believe that these are the legitimate Windows XP *.com files.

In C:\WINDOWS\system32\ or %windir%\system32\

CHCP.COM (Change CodePage Utility) Displays or sets the active code page
number.
COMMAND.COM (MS-DOS Prompt) MS-DOS command interpreter.
DISKCOMP.COM (Disk Comparison Utility) Compares the contents of two
floppy disks.
DISKCOPY.COM (Disk Copy Utility) Copies the contents of one floppy disk
to another.
EDIT.COM (MS-DOS Editor)
FORMAT.COM (Disk Format Utility) Formats a disk for use with Windows XP.
GRAFTABL.COM (Graftabl Utility) Enable Windows to display an extended
character set in graphics mode.
GRAPHICS.COM (graphics for compatibility with MS-DOS files) Loads a
program that can print graphics.
KB16.COM (16-bit keyboard mapping utility, previously known as the
Keyb.com utility) Configures a keyboard for a specific language.
LOADFIX.COM (loadfix) Loads a program above the first 64K of memory, and
runs the program.
MODE.COM (DOS Device MODE Utility) Configures system devices.
MORE.COM (More Utility) Displays output one screen at a time.
TREE.COM (Tree Walk Utility) Graphically displays the folder structure
of a drive or path.
WIN.COM (WIN.COM for compatibility??? WIN.COM was the executable file
used to load Microsoft Windows 3.1, 3.11, 95 and 98. I have no idea what
it does in XP.)
NTDETECT.COM (NTDETECT detects installed hardware components when XP
boots.)

You may have more legitimate .com files such as WZ.COM (WinZip running DOS
program). C:\Program Files\WinZip\WZ.COM or %programfiles%\WZ.COM

COM extension, is short for Command and is an executable file like .EXE
only smaller. Supposed to be less than 64K in size.

Where is David when you need him?


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Will,

From my standard post on cmd.com that I have had for over a YEAR...

You have a trojan/virus/worm. cmd.com is *NOT* an XP file.

cmd.exe and command.com are legitimate Windows XP files.

You have a trojan/virus/worm. cmd.exe is not part of the 16 bit MS-DOS
Subsystem. autoexec.nt and config.nt have nothing to do with cmd.exe.

When you type cmd in the Start | Run box, XP finds cmd.com instead of
cmd.exe. When a command is typed without an extension, XP looks for the
.com extension first before it looks for the .exe extension, if it finds
cmd.com, it will not even look for cmd.exe. Because XP finds cmd.com XP
thinks that it needs autoexec.nt and config.nt to run cmd.com.

cmd.com is *NOT* an XP file, it's added by a trojan/worm/virus.

If you were to type cmd.exe in the Start | Run box, cmd.exe might open if
the trojan/worm/virus hasn't rendered it useless.

UPDATE your antivirus software and run a complete scan.

UPDATE whatever anti-spyware applications that you have and run a full
system scan with each one.

Also Known As: W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]

[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also
drops the following files in the Windows system folder:

CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM

These files contain the string MZ so that this worm can disable the
following Windows tool applications:

CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Wesley Vogel]

I copied those errors from posts and did not catch the incorrect paths.
I.e. the forward slashes. A couple of those error messages were translated
from other languages, that's why they look even goofier.

Like one of these...

C:\WINDOWS\SYSTEM32\cmd.com
The NTVDM CPU has encountered an illegal instruction.CS:0549 IP:010c4 f6 06
a9 02 choose 'close' to terminate the application.

C:\WINDOWS\system32\cmd.com
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running
MS-DOS and Microsoft Windows applications. Choose 'close' to terminate the
application.

C:\Windows\system32\cmd.com
The NTVDM CPU has encountered an illegal instruction. CS:0557 IP:ffe4 OP:fe
ff 1d 09 21 Choose 'close' to terminate the application;" choosing "close"
or "ignore" both cause the application to exit.

C:\WINDOWS\system32\cmd.com
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable, in order
to implement applications for MS-DOS or Microsoft Windows. Click on
"Button", in order to terminate application.

C:\WINDOWS\system32\cmd.com
Processor NTVDM met an instruction not - authorized.
CS: 0702 IP: 0122 COp: Fe FF 3b 15 80 Choose “To close” to put an end to the
application.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Wesley Vogel]

Try this.

I just did it myself.

Start | Run | Type: system32 | Click OK |

Scroll down to the bottom of the System32 folder.

Right click, point to New and select Text Document.

Rename it to cmd.com

Click YES to this message...

---------------------------
Rename
---------------------------
If you change a file name extension, the file may become unusable.

Are you sure you want to change it?
---------------------------
Yes No
---------------------------

cmd.com now exists in System32, with the DOS looking icon and 0 bytes.

You can check its Properties.

General tab
Type of file: MS-DOS Application

Program tab
Cmd line: C:\WINDOWS\system32\cmd.com

Leave the System32 folder open.

Type: cmd in the Run command and click OK.

You get this Error message and nothing else opens...

---------------------------
cmd
---------------------------
cmd is not a valid Win32 application.

---------------------------
OK
---------------------------

Click OK to the message.

Now type: cmd.exe in the Run command.

Cmd.exe will open.

Delete cmd.com in the System32 folder and close the folder.

Now type: cmd in the Run command.

Cmd.exe will open.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

ok iv done a search for all of the .com u listed but most importantly there
is no cmd.com but cmd.exe works

 

[Guest]

also when im in comand prompt i tried to run tracert but that came up as not
a valid win32 aplication
--
Excuse Me, You''re Stepping On My Eyeball.

ok iv done a search for all of the .com u listed but most importantly there
is no cmd.com but cmd.exe works

 

[Wesley Vogel]

What happens if you type: tracert.exe /? in a command prompt and hit
Enter?

Does that display tracert help or bring up an error?

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

also when im in comand prompt i tried to run tracert but that came up as
not a valid win32 aplication
--
Excuse Me, You''re Stepping On My Eyeball.

ok iv done a search for all of the .com u listed but most importantly
there is no cmd.com but cmd.exe works
--
Excuse Me, You''''re Stepping On My Eyeball.

From
Sat, Jun 11 2005 3:06 pm
http://groups.google.com/group/micr...y+author:vogel&rnum=31&hl=en#877c65797df5e18d

"cmd.com" author:wesley author:vogel
http://groups.google.com/groups?q="...1&as_maxd=25&as_maxm=8&as_maxy=2006&safe=off&

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In Will Denny <[email protected]> hunted and pecked:
Hi

I've never come across cmd.com - only cmd.exe. Where did you hear
about cmd.com?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

when i try and open the command prompt it says "cmd is not a valid
win32 aplication" does anyone know how to fix this
--
Excuse Me, You''re Stepping On My Eyeball.


Try this as well:

cmd.exe

If cmd.exe works but cmd does not, then you probably have a file
called cmd.com somewhere (in the path) which is being run instead.
You will really want to find it and delete it since it's most likely
to be bad.

 

[Wesley Vogel]

There could be several things wrong. There could be something wrong with
the file cmd.exe itself. Or there could be something wrong with PATHEXT.

Do other commands work from Start | Run without typing the Extensions?

Like typing control instead of control.exe, calc instead of calc.exe,
clipbrd instead of clipbrd.exe or cleanmgr instead of cleanmgr.exe?

If those commands work without typing the .exe part then something may be
wrong with cmd.exe.

System File Checker (sfc.exe) replaces screwed up system files.

Load your XP CD in your CD drive.

Start | Run | Type or paste: sfc /scannow | Click OK

If you have XP Home and it asks for your XP Pro CD, see this KB article...

You may be prompted to insert a Windows XP Professional CD when you run the
System File Checker tool in Windows XP Home Edition
http://support.microsoft.com/kb/897128

If SFC.EXE did anything it will be in the Event Viewer.

Open the Event Viewer...
Start | Run | Type: eventvwr | Click OK |
Click System | Look at any Windows File Protection
entries

Explains a whole bunch about sfc.exe.
scannow sfc (sfc.exe)
http://www.updatexp.com/scannow-sfc.html

Description of Windows XP and Windows Server 2003 System File Checker
(Sfc.exe)
http://support.microsoft.com/?kbid=310747

------

If those commands did not work without typing the .exe part then something
may be wrong with your PATHEXT.

The environmental variable Pathext shows a list of file extensions that are
considered to be executable and regulates which extensions do not need to be
typed in a Command or Run window.

Open a command prompt, for you...
Start | Run | Type: cmd.exe | Click OK |
Type: set in the prompt and hit your Enter key |
Scroll down to PATHEXT

PATHEXT should look something like this...

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

This registry key is what holds the environment variables...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Session Manager\Environment
Value Name: PATHEXT should show the same thing.

See this, it explains how to add items to PATHEXT...
Why do I have to type filename.bat, filename doesn't work
http://www.jsifaq.com/SUBD/TIP1700/rh1706.htm

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

ok iv done a search for all of the .com u listed but most importantly
there is no cmd.com but cmd.exe works
--
Excuse Me, You''''re Stepping On My Eyeball.

From
Sat, Jun 11 2005 3:06 pm
http://groups.google.com/group/micr...y+author:vogel&rnum=31&hl=en#877c65797df5e18d

"cmd.com" author:wesley author:vogel
http://groups.google.com/groups?q="...1&as_maxd=25&as_maxm=8&as_maxy=2006&safe=off&

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

yes that brings up some options
--
Excuse Me, You''re Stepping On My Eyeball.

What happens if you type: tracert.exe /? in a command prompt and hit
Enter?

Does that display tracert help or bring up an error?

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

also when im in comand prompt i tried to run tracert but that came up as
not a valid win32 aplication
--
Excuse Me, You''re Stepping On My Eyeball.

ok iv done a search for all of the .com u listed but most importantly
there is no cmd.com but cmd.exe works
--
Excuse Me, You''''re Stepping On My Eyeball.


:

From
Sat, Jun 11 2005 3:06 pm
http://groups.google.com/group/micr...y+author:vogel&rnum=31&hl=en#877c65797df5e18d

"cmd.com" author:wesley author:vogel
http://groups.google.com/groups?q="...1&as_maxd=25&as_maxm=8&as_maxy=2006&safe=off&

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In Will Denny <[email protected]> hunted and pecked:
Hi

I've never come across cmd.com - only cmd.exe. Where did you hear
about cmd.com?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

when i try and open the command prompt it says "cmd is not a valid
win32 aplication" does anyone know how to fix this
--
Excuse Me, You''re Stepping On My Eyeball.


Try this as well:

cmd.exe

If cmd.exe works but cmd does not, then you probably have a file
called cmd.com somewhere (in the path) which is being run instead.
You will really want to find it and delete it since it's most likely
to be bad.

 

[Guest]

ok im doing all that now will get back to u on what it says
--
Excuse Me, You''re Stepping On My Eyeball.

There could be several things wrong. There could be something wrong with
the file cmd.exe itself. Or there could be something wrong with PATHEXT.

Do other commands work from Start | Run without typing the Extensions?

Like typing control instead of control.exe, calc instead of calc.exe,
clipbrd instead of clipbrd.exe or cleanmgr instead of cleanmgr.exe?

If those commands work without typing the .exe part then something may be
wrong with cmd.exe.

System File Checker (sfc.exe) replaces screwed up system files.

Load your XP CD in your CD drive.

Start | Run | Type or paste: sfc /scannow | Click OK

If you have XP Home and it asks for your XP Pro CD, see this KB article...

You may be prompted to insert a Windows XP Professional CD when you run the
System File Checker tool in Windows XP Home Edition
http://support.microsoft.com/kb/897128

If SFC.EXE did anything it will be in the Event Viewer.

Open the Event Viewer...
Start | Run | Type: eventvwr | Click OK |
Click System | Look at any Windows File Protection
entries

Explains a whole bunch about sfc.exe.
scannow sfc (sfc.exe)
http://www.updatexp.com/scannow-sfc.html

Description of Windows XP and Windows Server 2003 System File Checker
(Sfc.exe)
http://support.microsoft.com/?kbid=310747

------

If those commands did not work without typing the .exe part then something
may be wrong with your PATHEXT.

The environmental variable Pathext shows a list of file extensions that are
considered to be executable and regulates which extensions do not need to be
typed in a Command or Run window.

Open a command prompt, for you...
Start | Run | Type: cmd.exe | Click OK |
Type: set in the prompt and hit your Enter key |
Scroll down to PATHEXT

PATHEXT should look something like this...

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

This registry key is what holds the environment variables...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Session Manager\Environment
Value Name: PATHEXT should show the same thing.

See this, it explains how to add items to PATHEXT...
Why do I have to type filename.bat, filename doesn't work
http://www.jsifaq.com/SUBD/TIP1700/rh1706.htm

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

ok iv done a search for all of the .com u listed but most importantly
there is no cmd.com but cmd.exe works
--
Excuse Me, You''''re Stepping On My Eyeball.

From
Sat, Jun 11 2005 3:06 pm
http://groups.google.com/group/micr...y+author:vogel&rnum=31&hl=en#877c65797df5e18d

"cmd.com" author:wesley author:vogel
http://groups.google.com/groups?q="...1&as_maxd=25&as_maxm=8&as_maxy=2006&safe=off&

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In Will Denny <[email protected]> hunted and pecked:
Hi

I've never come across cmd.com - only cmd.exe. Where did you hear about
cmd.com?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

when i try and open the command prompt it says "cmd is not a valid
win32 aplication" does anyone know how to fix this
--
Excuse Me, You''re Stepping On My Eyeball.


Try this as well:

cmd.exe

If cmd.exe works but cmd does not, then you probably have a file called
cmd.com somewhere (in the path) which is being run instead.
You will really want to find it and delete it since it's most likely to
be bad.

 

[Guest]

ok i did the scan took about 4 or 5 mins it finished and did nothing after
that am i supposed to do something now?
--
Excuse Me, You''re Stepping On My Eyeball.

There could be several things wrong. There could be something wrong with
the file cmd.exe itself. Or there could be something wrong with PATHEXT.

Do other commands work from Start | Run without typing the Extensions?

Like typing control instead of control.exe, calc instead of calc.exe,
clipbrd instead of clipbrd.exe or cleanmgr instead of cleanmgr.exe?

If those commands work without typing the .exe part then something may be
wrong with cmd.exe.

System File Checker (sfc.exe) replaces screwed up system files.

Load your XP CD in your CD drive.

Start | Run | Type or paste: sfc /scannow | Click OK

If you have XP Home and it asks for your XP Pro CD, see this KB article...

You may be prompted to insert a Windows XP Professional CD when you run the
System File Checker tool in Windows XP Home Edition
http://support.microsoft.com/kb/897128

If SFC.EXE did anything it will be in the Event Viewer.

Open the Event Viewer...
Start | Run | Type: eventvwr | Click OK |
Click System | Look at any Windows File Protection
entries

Explains a whole bunch about sfc.exe.
scannow sfc (sfc.exe)
http://www.updatexp.com/scannow-sfc.html

Description of Windows XP and Windows Server 2003 System File Checker
(Sfc.exe)
http://support.microsoft.com/?kbid=310747

------

If those commands did not work without typing the .exe part then something
may be wrong with your PATHEXT.

The environmental variable Pathext shows a list of file extensions that are
considered to be executable and regulates which extensions do not need to be
typed in a Command or Run window.

Open a command prompt, for you...
Start | Run | Type: cmd.exe | Click OK |
Type: set in the prompt and hit your Enter key |
Scroll down to PATHEXT

PATHEXT should look something like this...

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

This registry key is what holds the environment variables...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Session Manager\Environment
Value Name: PATHEXT should show the same thing.

See this, it explains how to add items to PATHEXT...
Why do I have to type filename.bat, filename doesn't work
http://www.jsifaq.com/SUBD/TIP1700/rh1706.htm

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

ok iv done a search for all of the .com u listed but most importantly
there is no cmd.com but cmd.exe works
--
Excuse Me, You''''re Stepping On My Eyeball.

From
Sat, Jun 11 2005 3:06 pm
http://groups.google.com/group/micr...y+author:vogel&rnum=31&hl=en#877c65797df5e18d

"cmd.com" author:wesley author:vogel
http://groups.google.com/groups?q="...1&as_maxd=25&as_maxm=8&as_maxy=2006&safe=off&

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In Will Denny <[email protected]> hunted and pecked:
Hi

I've never come across cmd.com - only cmd.exe. Where did you hear about
cmd.com?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

when i try and open the command prompt it says "cmd is not a valid
win32 aplication" does anyone know how to fix this
--
Excuse Me, You''re Stepping On My Eyeball.


Try this as well:

cmd.exe

If cmd.exe works but cmd does not, then you probably have a file called
cmd.com somewhere (in the path) which is being run instead.
You will really want to find it and delete it since it's most likely to
be bad.

 

[Wesley Vogel]

If SFC.EXE did anything it will be in the Event Viewer.

Open the Event Viewer...
Start | Run | Type: eventvwr | Click OK |
Click System | Look at any Windows File Protection
entries

If the Event Viewer does NOT open, try this...

Start | Run | Type: eventvwr.msc | Click OK |

You may have to reboot also. I do not know, but when in doubt, reboot.

Try typing: cmd into Start | Run again. Does it work?

Does tracert /? show tracert help or show an error?

Or there could be something wrong with PATHEXT.

Do other commands work from Start | Run without typing the Extensions?

Like typing control instead of control.exe, calc instead of calc.exe,
clipbrd instead of clipbrd.exe or cleanmgr instead of cleanmgr.exe?

If those commands did not work without typing the .exe part then something
may be wrong with your PATHEXT.

The environmental variable Pathext shows a list of file extensions that are
considered to be executable and regulates which extensions do not need to be
typed in a Command or Run window.

Open a command prompt, for you...
Start | Run | Type: cmd.exe | Click OK |
Type: set in the prompt and hit your Enter key |
Scroll down to PATHEXT

PATHEXT should look something like this...

PATHEXT=..COM;.EXE;.BAT;.CMD

If you installed the Windows Scripting Host PATHEXT should look something
like this...

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

This registry key is what holds the environment variables...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Session Manager\Environment
Value Name: PATHEXT should show the same thing.

See this, it explains how to add items to PATHEXT...
Why do I have to type filename.bat, filename doesn't work
http://www.jsifaq.com/SUBD/TIP1700/rh1706.htm

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

ok i did the scan took about 4 or 5 mins it finished and did nothing after
that am i supposed to do something now?
--
Excuse Me, You''re Stepping On My Eyeball.

There could be several things wrong. There could be something wrong with
the file cmd.exe itself. Or there could be something wrong with PATHEXT.

Do other commands work from Start | Run without typing the Extensions?

Like typing control instead of control.exe, calc instead of calc.exe,
clipbrd instead of clipbrd.exe or cleanmgr instead of cleanmgr.exe?

If those commands work without typing the .exe part then something may be
wrong with cmd.exe.

System File Checker (sfc.exe) replaces screwed up system files.

Load your XP CD in your CD drive.

Start | Run | Type or paste: sfc /scannow | Click OK

If you have XP Home and it asks for your XP Pro CD, see this KB
article...

You may be prompted to insert a Windows XP Professional CD when you run
the System File Checker tool in Windows XP Home Edition
http://support.microsoft.com/kb/897128

If SFC.EXE did anything it will be in the Event Viewer.

Open the Event Viewer...
Start | Run | Type: eventvwr | Click OK |
Click System | Look at any Windows File Protection
entries

Explains a whole bunch about sfc.exe.
scannow sfc (sfc.exe)
http://www.updatexp.com/scannow-sfc.html

Description of Windows XP and Windows Server 2003 System File Checker
(Sfc.exe)
http://support.microsoft.com/?kbid=310747

------

If those commands did not work without typing the .exe part then
something may be wrong with your PATHEXT.

The environmental variable Pathext shows a list of file extensions that
are considered to be executable and regulates which extensions do not
need to be typed in a Command or Run window.

Open a command prompt, for you...
Start | Run | Type: cmd.exe | Click OK |
Type: set in the prompt and hit your Enter key |
Scroll down to PATHEXT

PATHEXT should look something like this...

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

This registry key is what holds the environment variables...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Session Manager\Environment
Value Name: PATHEXT should show the same thing.

See this, it explains how to add items to PATHEXT...
Why do I have to type filename.bat, filename doesn't work
http://www.jsifaq.com/SUBD/TIP1700/rh1706.htm

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

ok iv done a search for all of the .com u listed but most importantly
there is no cmd.com but cmd.exe works
--
Excuse Me, You''''re Stepping On My Eyeball.


:

From
Sat, Jun 11 2005 3:06 pm

http://groups.google.com/group/micr...y+author:vogel&rnum=31&hl=en#877c65797df5e18d

"cmd.com" author:wesley author:vogel

http://groups.google.com/groups?q="...1&as_maxd=25&as_maxm=8&as_maxy=2006&safe=off&

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In Will Denny <[email protected]> hunted and pecked:
Hi

I've never come across cmd.com - only cmd.exe. Where did you hear
about cmd.com?

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

when i try and open the command prompt it says "cmd is not a valid
win32 aplication" does anyone know how to fix this
--
Excuse Me, You''re Stepping On My Eyeball.


Try this as well:

cmd.exe

If cmd.exe works but cmd does not, then you probably have a file
called cmd.com somewhere (in the path) which is being run instead.
You will really want to find it and delete it since it's most likely
to be bad.