Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cmd.exe/regedit.exe crash + network block


  • Please log in to reply
No replies to this topic

#1 Nathan Rutman

Nathan Rutman

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 26 March 2009 - 09:33 AM

I didn't know where to post this, but I wanted to document it for anybody else who might encounter it:

Around 8:00 this morning my Internet went down. That was unusual, so I tried to open a command prompt, which kept crashing explorer.

After searching the Internet, I found http://www.bleepingcomputer.com/forums/t/211718/google-redirects-cmdexe-and-regedit-crash-explorerexe/ -- but that wasn't my exact problem. I didn't have the offending file specified, and that post didn't talk about network blocking (which was happening both on my wired and wireless interfaces, while my Mac on the network could connect fine). Renaming cmd.exe to xyz.exe worked (it wouldn't crash), however renaming regedit.exe to zyx.exe didn't help -- it still closed after about 10 seconds, just like it had before.

Within those 10 seconds that regedit stayed open, I exported the drivers32 tree like the above thread suggests. There I found this entry:
"aux2"="C:\\WINDOWS\\system32\\..\\bqnn.bbs"

That looked odd to me, because who puts an extra directory with a "\\..\\" unless they were trying to mask the location? I tried deleting bqnn.bss (which was in c:\windows) and rebooted. It reappeared. Went to a friend's house to download HijackThis (because my connectivity was being blocked) and used the tool to delete the bqnn.bbs file on reboot, as prescribed in the above thread.

It worked and I am now posting from my repaired computer.

And now you know how to fix it if the same happens to you. :thumbsup:

Thanks,
-Nate

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users