TechSpot

C:\windows\system32\cmd.exe/c erase"c

By parkey11
Jul 18, 2006
  1. C:\windows\system32\cmd.exe/c erase"c:\docume~1\steven\locals~1\temp\acsRollback.exe"

    This is something my spyware Adaware picks as an event to change my registery. It happens on reboot and I have always blocked it. there are 2 of them the second one ends in \acsRollbackRes.dll" does anybody know what these are?

    Removed@nolongerhere.com
     
  2. Spike

    Spike TS Evangelist Posts: 2,168

    Please don't post your email adress in public forums, as robots regularly scour the web for email adresses, making it a sure way to get lots of spam.

    The line you have given in your post is a command to use a cmd window to delete the acsrollback file. That file is usually from AOL, but it's location ( %userprofile%\local settings\temp ) makes it worth a little caution.

    In any case, I have moved your post to the "security and the web" forum. Unless you can identify the file for sure, please follow the instructions in the sticky threads there and post a HJT log.
     
  3. parkey11

    parkey11 TS Rookie Topic Starter

    Thanks for the info. I wondered if it had something to do with AOL because at the same time I get a box that says AOL needs to update some files and I need to reboot. When I reboot I get the registry alert and I have always blocked it because seeing that "c erase" in the line scares me.
     
  4. gmuser2006

    gmuser2006 TS Rookie Posts: 37

    CMD.exe - Starts a new instance of the Windows XP command interpreter

    /C Carries out the command specified by string and then terminates


    It should be safe to allow that command to run.
     
  5. parkey11

    parkey11 TS Rookie Topic Starter

    Wow, thanks for the relief. I just didn't know what to do.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...