Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 hisuka2001


  • Members
  • 31 posts
  • Local time:12:47 PM

Posted 15 October 2007 - 05:24 AM

If this is not the proper topic forum please move my topic, thanks :thumbsup:

Recently I was infected by a trojan called "infostealer" so I updated my virus definition files and the softwares I'm using is Norton 2007 and Spyware Doctor. Thereafter, I was able to removed the trojan and the infected files. However, upon startup even before I removed the trojan this message would always appears...

Posted Image

I tried to remove the message by finding its entry in the regedit files by expanding both HKCLM\Software\Microsoft\Windows\Currentversion\Run and HK_USERS\Software\Microsoft\Windows\Currentversion\Run, however, the entry pertaining to netcmd.exe was not there. I also tried searching for it in the msconfig panel, still to no avail.
After reading most of the intructions above regarding windows startup program and the use of 'autorun.exe' file... I just want to ask a question whether using the program is safe to say at least?
Thanks :flowers:

BC AdBot (Login to Remove)


#2 Andrew


    Bleepin' Night Watchman

  • Moderator
  • 8,260 posts
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:47 AM

Posted 25 October 2007 - 08:51 AM

hi there, hisuka2001, welcome to BC!

First off, sorry for the delay in getting you post answered, 10 days is way beyond our desired answer time, I'm sure.

As for you problem, the netcmd.exe(AKA Agobot.AQ) worm creates two registry entries whach call the netcmd.exe file at startup. Seeing as you've mentioned that you already attempted to edit the registry, I'm going to assume you know how to do it. Of course, always backup your registry before doing any editing!!

Delete the following two entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Network Command Service
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Network Command Service

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users