TechSpot

Cmd.exe Error

By CrmDcoco
Jul 16, 2007
  1. Hello all,

    I'm having no luck finding what application has grabbed ahold of this command and won't let go.

    When I try to run CMD.EXE, a popup says "Another program is currently using this file."

    Can someone assist in locating the culprit please?


    CRM
     
  2. Po`Girl

    Po`Girl TS Rookie Posts: 595

    Hi,

    You have spyware.

    Go HERE, follow the instructions, then post HJT, Combofix and AVG Anti-Spyware logs in this thread.

    It looks like a lot of work, and it is!! :grinthumb
     
  3. CrmDcoco

    CrmDcoco TS Rookie Topic Starter

    HJT log

    Here is the HJT log.

    I have installed ESET NOD32 from McAfee Virusscan Enterprise Edition (which is what was running when I got infected) and it found and removed "starbr.exe" and "msnsgrs.exe".

    I also installed and ran Spyware Doctor, but it found nothing.

    What's the next step?


    CRM
     
  4. Po`Girl

    Po`Girl TS Rookie Posts: 595

    As previously mentioned, go HERE, follow all the steps and post those three logs.

    The reason for this is that it saves everyone time if you do it all in one go.

    And gets your system clean quicker. :)
     
  5. Cinders

    Cinders TechSpot Chancellor Posts: 872   +12

    Your anti-virus program will not stop a program that uses Windows exploits to self install. It will let you know that something is wrong but it will probably not remove enough of the program to kill it.
     
  6. CrmDcoco

    CrmDcoco TS Rookie Topic Starter

    Few Problems...

    Combofix.exe produces the same results as when trying to run CMD.EXE...
    a popup says "Another program is currently using this file."

    AVG Antispyware renders the computer useless. The mouse moves, but all other requests seem to go ignored. I can't even shut down normally. I can go into safe mode and remove AVG, then the computer responds as normal.

    Any ideas? Should I remove my spyware program (Spyware Doctor) and try to install AVG again?


    CRM
     
  7. BlameCanada

    BlameCanada TS Rookie Posts: 320

    Did you do Step 1 properly?

    Disable anti virus programs, anti spyware programs and any real time monitoring progs.
     
  8. CrmDcoco

    CrmDcoco TS Rookie Topic Starter

    STEP1:


    Malware Removal: Temporarily Disable Real Time Monitoring Programs.


    See these instructions on how to disable some of the more common real time monitoring programmes. Thanks to CastleCops for the info.

    Step one says nothing about disabling antivirus proggies. I did however, turn off real time monitoring on my installed spyware program.


    CRM
     
  9. CrmDcoco

    CrmDcoco TS Rookie Topic Starter

    AVG Drive C: scan results

    Disabling Spyware Doctor didn't work for me. I had to uninstall it.

    Drive D: is scanning now. Will post when finished.


    CRM
     
  10. CrmDcoco

    CrmDcoco TS Rookie Topic Starter

    AVG Drive D: Scan results

    Combofix.exe still produces the same results as when trying to run CMD.EXE...
    a popup says "Another program is currently using this file."


    CRM
     
  11. BlameCanada

    BlameCanada TS Rookie Posts: 320

    I think these are your problems, but I'm not a spyware expert, so either wait for
    one to arrive or do your own googling.


    D:\Program Files\SnadBoy's Revelation v2\Revelation.exe -> Not-A-Virus.PSWTool.Win32.SnadBoy.2011 :
    D:\Program Files\SnadBoy's Revelation v2\RevelationHelper.dll -> Not-A-Virus.PSWTool.Win32.SnadBoy.2011 :
    D:\Program Files\Radmin\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 :


    C:\WINNT\system32\admdll.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 :
    C:\WINNT\system32\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 :
    C:\WINNT\system32\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21
     
  12. CrmDcoco

    CrmDcoco TS Rookie Topic Starter

    Nah. Those proggies are harmless. Neither of which are viruses.

    Remote Administrator, great tool, low footprint for remote control of my network.


    CRM
     
  13. CrmDcoco

    CrmDcoco TS Rookie Topic Starter

    Thanx to all who helped. This system is back in primo condition now.

    The problem was a virus. I ended up restoring the system state from tape backup. Once I got ahold of the cmd.exe file again, combofix ran and caught the little buggar.

    One correction mentioned earlier. I was running Network Associates Virusscan Enterprise Edition when I got infected, and not McAfee. I am now running ESET NOD32.


    CRM
     
Topic Status:
Not open for further replies.
