
Windows.system32.cmd.exe



#1 SandyH


Posted 13 January 2006 - 09:24 PM

Hello, I do not use "Internet Explorer"; I use Firefox. But whenever my Windows starts up I get a small DOS window that opens up when everything on my page opens. Written within the DOS window is a command telling it to open "c:\windows.system32.cmd.exe run iexplorer http\\69.93.111.150/albino-flash16/youare(www.albinoblacksheep.com).swf".
This command appears 3 times in the DOS window, then "Internet Explorer" opens itself up with 3 different windows, all with the same web address. When they are all opened it has a thing that opens up and says, "you are an idiot".
Nothing I have on my computer can pick it up and I have a lot of stuff to stop spyware etc. I use VET and it still does not pick it up. I'm assuming that because it has gotten into the DOS side of the computer that nothing I have will do anything anyway.
If someone out there has any idea what this darn thing is, I would appreciate some HELP!!
Thank you.
Sandy



#2 phawgg


Posted 13 January 2006 - 10:21 PM

By posting to the HJT forum you have done the best you can.
Help is a bit slow since the holidays, please be patient.

I noticed these in your log:

O4 - HKLM\..\Run: [fun] C:\WINDOWS\system32\windows_boot.cmd
O4 - HKLM\..\Run: [startup_xp8] C:\WINDOWS\system32\win32-load.pif

The HJT team member who will help you will no doubt have better
communication regarding your unique fix recommendations,
but just so you know, your explanation of the problem
has evidenced itself.

Expect a recovery plan asap, and just bear with it a while longer.

Welcome to BC, SandyH

Edited by phawgg, 13 January 2006 - 10:22 PM.

patiently patrolling, plenty of persistent pests n' problems ...
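
An added example, not part of the original posts or of HijackThis itself: a short Python triage that parses HijackThis O4 autorun lines like the two quoted in post #2 and lists the entries whose target is a script or DOS-shortcut file type, so they can be reviewed first. The function names, the extension list and the "Example" log lines are assumptions made for illustration.

```python
import ntpath
import re

# HijackThis O4 autorun line:  O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
# Target file: a quoted path, or everything up to the first ".ext" before a space/end.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.[A-Za-z0-9]{1,4})(?=\s|$)')
# Assumption: file types that are unusual as autorun targets and worth a manual look.
REVIEW_EXTS = {".cmd", ".bat", ".pif", ".vbs", ".js", ".scr"}

def parse_o4(line):
    """Return a dict for an O4 registry autorun line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    t = TARGET_RE.match(command)
    target = (t.group(1) or t.group(2)) if t else command
    # ntpath handles backslash-separated Windows paths on any platform.
    return {"hive": hive, "key": key, "name": name, "target": target,
            "ext": ntpath.splitext(target)[1].lower()}

def flag_autoruns(log_text):
    """List the O4 entries whose target extension is in REVIEW_EXTS."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and entry["ext"] in REVIEW_EXTS:
            flagged.append(entry)
    return flagged

# The first two O4 lines are the ones quoted in the thread;
# the "Example" entries and the header line are constructed.
SAMPLE_LOG = r"""Running processes:
O4 - HKLM\..\Run: [fun] C:\WINDOWS\system32\windows_boot.cmd
O4 - HKLM\..\Run: [startup_xp8] C:\WINDOWS\system32\win32-load.pif
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [ExampleUpdater] C:\Program Files\Example\update.exe -quiet
"""

if __name__ == "__main__":
    for e in flag_autoruns(SAMPLE_LOG):
        print(f'{e["hive"]}\\{e["key"]} [{e["name"]}] -> {e["target"]} ({e["ext"]})')
```

A flagged entry is a prompt for review, not a verdict; the extension list is a starting point and should be tuned to the environment.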

#3 SandyH


Posted 13 January 2006 - 11:31 PM

Thank you so much, phawgg. I appreciate the help, no matter how long I have to wait... Sandy



