Netstat Problem

M

Martin

Dear Group, Trying to use Netstat on my XP Pro box i get the following Error
message,

16 BIT MS DOS SUBSYSTEM
Command Prompt - netstat
config.nt. The system file is not suitable for running MS-DOS and Microsoft
Windows applications.

Any thoughts on what it means chaps?


--
Best Wishes from Martin

So many questions, so few answers.

PGP Key ID, 0x581E4CE1
 
W

Wesley Vogel

Seems to be an epidemic lately....

This can be caused by a trojan.

Get rid of the trojan.

Update your antivirus software and run a full system scan.

Copy the autoexec.nt file from C:\Windows\Repair to C:\Windows\System32
And set Attributes for autoexec.nt to Read-only.

Or %systemroot%\Repair to %systemroot%\System32

Read-only
[[Specifies whether this file is read-only, which means that it cannot be
changed or accidentally deleted.]]

1. Right click the file.
2. Properties.
3. Select: Read-only.
4. Click: Apply.
5. Click: OK.

Do all of the above for config.nt also.

16-bit MS-DOS Subsystem error while installing or running a DOS application
http://windowsxp.mvps.org/16bit.htm

MS-DOS or 16-bit Windows-based program Error Message
http://www.kellys-korner-xp.com/xp_m.htm#16bit

Error message when you install or start an MS-DOS or 16-bit Windows-based
program
http://support.microsoft.com/default.aspx?scid=kb;en-us;324767

"16 Bit MS-DOS Subsystem" Error Message When You Install a Program
http://support.microsoft.com/default.aspx?scid=kb;en-us;314452

Troubleshooting MS-DOS-based programs in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314106

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
M

Martin

Wesley said:
Copy the autoexec.nt file from C:\Windows\Repair to C:\Windows\System32
And set Attributes for autoexec.nt to Read-only.

Or %systemroot%\Repair to %systemroot%\System32

Read-only
[[Specifies whether this file is read-only, which means that it cannot be
changed or accidentally deleted.]]

1. Right click the file.
2. Properties.
3. Select: Read-only.
4. Click: Apply.
5. Click: OK.

Do all of the above for config.nt also.
Click to expand...


Thanks Wesley but no good i'm afraid. No Viruses or Trojans present i'm
pleased to say. Followed the instructions to the letter and tried the
Netstat command. CPU usage up to 100% and program hangs.

--
Best Wishes from Martin

So many questions, so few answers.

PGP Key ID, 0x581E4CE1
 
W

Wesley Vogel

Martin,

You are typing netstat into a command prompt, right? cmd.exe and not
command.com?

Start | Run | Type: cmd | Click OK

Typing netstat into a cmd.exe window with both autoexec.nt and config.nt
missing from C:\Windows\System32 worked fine for me, I tried it.

command.com will not even open with either autoexec.nt or config.nt or both
missing from C:\Windows\System32 for me, I tried it.

I wonder if your cmd.exe is damaged or got hijacked. Make sure that cmd.exe
is opening.

Paste the following line into the Start | Run box and click OK...

C:\WINDOWS\System32\cmd.exe

Then open the Task Manager...
Ctrl + Shift + Esc
Click the Processes tab
Click the Image Name header to alphabetize
Make sure that cmd.exe is listed

Type netstat.exe into the command window and see what happens.

Sometimes a virus or trojan disables CMD.EXE, NETSTAT.EXE, PING.EXE,
REGEDIT.EXE, TASKKILL.EXE, TASKLIST.EXE and TRACERT.EXE and substitutes
CMD.COM, NETSTAT.COM, PING.COM, REGEDIT.COM, TASKKILL.COM, TASKLIST.COM and
TRACERT.COM in their places.

Try this...
Start | Run | Type: regedit | Click OK

What happens? Does the Registry Editor open?

CMD.COM, NETSTAT.COM, PING.COM, REGEDIT.COM, TASKKILL.COM, TASKLIST.COM and
TRACERT.COM are not correct XP files.

I suspect that you have or had a virus/trojan/worm.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
Martin said:
Wesley said:
Copy the autoexec.nt file from C:\Windows\Repair to C:\Windows\System32
And set Attributes for autoexec.nt to Read-only.

Or %systemroot%\Repair to %systemroot%\System32

Read-only
[[Specifies whether this file is read-only, which means that it cannot be
changed or accidentally deleted.]]

1. Right click the file.
2. Properties.
3. Select: Read-only.
4. Click: Apply.
5. Click: OK.

Do all of the above for config.nt also.
Click to expand...


Thanks Wesley but no good i'm afraid. No Viruses or Trojans present i'm
pleased to say. Followed the instructions to the letter and tried the
Netstat command. CPU usage up to 100% and program hangs.

--
Best Wishes from Martin

So many questions, so few answers.

PGP Key ID, 0x581E4CE1
Click to expand...
 
M

Martin

Wesley said:
Paste the following line into the Start | Run box and click OK...

C:\WINDOWS\System32\cmd.exe

Then open the Task Manager...
Ctrl + Shift + Esc
Click the Processes tab
Click the Image Name header to alphabetize
Make sure that cmd.exe is listed

Type netstat.exe into the command window and see what happens.
Click to expand...

Yes that works for me Wesley!!



Sometimes a virus or trojan disables CMD.EXE, NETSTAT.EXE, PING.EXE,
REGEDIT.EXE, TASKKILL.EXE, TASKLIST.EXE and TRACERT.EXE and substitutes
CMD.COM, NETSTAT.COM, PING.COM, REGEDIT.COM, TASKKILL.COM, TASKLIST.COM and
TRACERT.COM in their places.

Try this...
Start | Run | Type: regedit | Click OK

What happens? Does the Registry Editor open?
Click to expand...

Arrgggg! Regedit won't open now!! All i get now is a DOS type widow titled
"C:\windows\system32\regedit.com


CMD.COM, NETSTAT.COM, PING.COM, REGEDIT.COM, TASKKILL.COM, TASKLIST.COM and
TRACERT.COM are not correct XP files.

I suspect that you have or had a virus/trojan/worm.
Click to expand...

--
Best Wishes from Martin

So many questions, so few answers.

PGP Key ID, 0x581E4CE1
 
W

Wesley Vogel

Martin,

You have a virus. regedit.com is *NOT* an XP file.

Update your antivirus software and run a complete scan.

Also Known As: W32.Alcan.A, Win32.Alcan.A [Computer Associates],
P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee],
W32/Alcra-A [Sophos], WORM_ALCAN.A [Trend Micro]

[[This worm drops the legitimate file compression DLL, BSZIP.DLL in the
Windows system folder. It does this so it can compress itself. It also drops
the following files in the Windows system folder:

CMD.COM
NETSTAT.COM
PING.COM
REGEDIT.COM
TASKKILL.COM
TASKLIST.COM
TRACERT.COM

These files contain the string MZ so that this worm can disable the
following Windows tool applications:

CMD.EXE
NETSTAT.EXE
PING.EXE
REGEDIT.EXE
TASKKILL.EXE
TASKLIST.EXE
TRACERT.EXE ]]
From...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T

Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Slave disk recycle+restore 4
Change hard drive icon 2
Open new window maximum size 1
How do you open 16-bit files on Windows XP? 2
ok, let's clear this up MS - is Product Activation really restricted? 119
config.nt 1
Start menu programs 3
AUTOEXEC.NT error 5

Top