 Netcmd.exe |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.| Important Announcement: We have two terrific contests running on the site that I wanted all our members and guests to know about. The first contest is the HP Magic Giveaway, which is underway as of November 28th. More information can be found at this topic, which will be updated very soon with further information. The second contests, is for the chance to win two Seagate FreeAgent external hard drives. More information about this contest can be found here. These are both amazing contests and I suggest everyone submit an entry for them. - BleepingComputer Management |
BleepingComputer.com > Bleeping Computer Applications and Guides > Windows Startup Programs Database  |
 Oct 15 2007, 05:24 AM
Post
#1
|
|
|
New Member  Group: Members Posts: 8 Joined: 22-August 07 Member No.: 152,024  |
 Recently I was infected by a trojan called "infostealer" so I updated my virus definition files and the softwares I'm using is Norton 2007 and Spyware Doctor. Thereafter, I was able to removed the trojan and the infected files. However, upon startup even before I removed the trojan this message would always appears...  I tried to remove the message by finding its entry in the regedit files by expanding both HKCLM\Software\Microsoft\Windows\Currentversion\Run and HK_USERS\Software\Microsoft\Windows\Currentversion\Run, however, the entry pertaining to netcmd.exe was not there. I also tried searching for it in the msconfig panel, still to no avail. After reading most of the intructions above regarding windows startup program and the use of 'autorun.exe' file... I just want to ask a question whether using the program is safe to say at least? Thanks 
|
 |
 
|
|
Oct 25 2007, 08:51 AM
Post
#2
|
|
 Bleepin' Night Watchman Group: BC Advisor Posts: 1,767 Joined: 5-December 05 From: The City of Saint Francis, by the western sea Member No.: 43,307 |
hi there, hisuka2001, welcome to BC!
First off, sorry for the delay in getting you post answered, 10 days is way beyond our desired answer time, I'm sure. As for you problem, the netcmd.exe(AKA Agobot.AQ) worm creates two registry entries whach call the netcmd.exe file at startup. Seeing as you've mentioned that you already attempted to edit the registry, I'm going to assume you know how to do it. Of course, always backup your registry before doing any editing!! Delete the following two entries: CODE HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Network Command Service
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Network Command Service -------------------- root@bleepingcomputer>./sig_file
Signature Not Found. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 4th December 2008 - 02:19 PM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.