Command.exe not responding

D

dave

Every time a user log's off a win2k sp3 machine, he/she
receives a DOS Window stating :

Command.exe is not responding.

is there a way to determine which process is causing this?

thanks
 
M

mole

dave said:
Every time a user log's off a win2k sp3 machine, he/she
receives a DOS Window stating :

Command.exe is not responding.

is there a way to determine which process is causing this?

thanks
Click to expand...

It says "command.exe" not "command.com" or "cmd.exe"? Is this on more than
one workstation?

In any event, could well be a Trojan if it is "command.exe":

http://search.symantec.com/custom/us/query.html
http://www.trendmicro.com/search/google/results.asp?lr=&q=command.exe
http://vil.mcafee.com/dispVirus.asp?virus_k=10232

Good luck,

mole
 
M

Mark V

dave wrote in
further to this post, i would like to confirm that the
file not responding is C:\WINNT\SYSTEM32\CMD.EXE

any ideas are very welcomed.
Click to expand...

Still thinking trojan/virus etc. ... Try checking the properties of
the file and compare to known "good" cmd.exe and/or replace cmd.exe
from a "clean" system.

You might also try Process Explorer (PROCEXP.EXE) from
www.sysinternals.com to see if there is a parent process starting a
cmd.exe (for clues).
 
M

mole

[snippage]
further to this post, i would like to confirm that the
file not responding is C:\WINNT\SYSTEM32\CMD.EXE
Click to expand...
[/snippage]

[more snippage][/more snippage]

Only in the latter case (command.exe) would I strongly suspect a Trojan or
viral infection. In the former, CMD.exe is a known executable, but it
worries me that it reports not responding at logoff which indicates
something is running in it while the user is logged on. Before shutting
down, what processes are running, anything in cmd.exe, ntvdm or wow? What is
in the start-up folder (All Users, current user) and run Keys in the
registry. How about things loading in win.ini. There are things that could
run in the cmd.exe process and do something to cause it to hang. Are the 40%
of the workstations all from the same image? Anything in common aside from
cmd.exe not responding at logoff? Maybe something hung from a login script
calling something in %comspec%?

(Note that these steps are still the same I would use to look for a Trojan
or virus aside from using at least two different scanning tools.)

As Mark V. said, what does installing cmd.exe from a "clean" system do? Any
improvement?

mole
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

learning win xp - for geeks (ideas?) 1
Preventing a user from using running certain programs 1
Printing from "DOS" in WinXP 2
Windows Explorer Not Respoding at Shutdown 2
can'texecute any programs :-( 4
{Not responding} 9
Flash MFC application is not responding 1
disney pixar cars game not responding 1

Top