[wehey]

Hello...

Attempting to help my colleague out with his laptop here, the machine is behaving absolutely fine excluding one persistent fault.

Whenever a 'cmd' command is given in the Run window, Windows returns a "cmd is not a valid Win32 application"

I can however access the Windows command prompt via the Start menu. Once in the command prompt, commands such as 'ping' etc. return errors such as "C:\WINDOWS\System32\ping.com is not a valid Win32 application"

This is a relatively new problem and I'm slightly baffled, any help would be really appreciated. Is this malware or a windows corruption?

Thanks in advance,
Mark

N.B System is running XP SP2, I can see avast! anti-virus is running and I'm afraid without any more specific questions I don't know what you need to know.

[nigglesnush85]

Hello Wehey,

Can you find cmd.exe in the C:\WINDOWS\system32 folder?

[wehey]

As I recall, when searching for that location, I couldn't find a System32 folder within WINDOWS. I tried changing the folder options to display hidden files/folders, but still no System32.

[nigglesnush85]

In control panel in folder options there is an option to view hidden files and show protected operating system files. make sure these are ok before looking.

[wehey]

Hi,

I have found the system32 file (it was hidden). I have semi-cured the problem. In the folder there was a cmd.exe and a hidden cmd.com, likewise there was a ping.exe and a hidden ping.com.

Both files (.com) had 0 file size, I have deleted the files and now both the cmd will run and the ping function works fine. This does lead to the question, how did these get created? Is this a sign of malware?

Thanks for your help so far...

Mark

[nigglesnush85]

That is strange, there is the posibility that these files are malware related. What security products does the system have?

[wehey]

I know he runs a free version of avast anti-virus and I did notice Spybot had quarantined a few nasties in the past but I would need to pinch his laptop again to confirm any other software he maybe using.

I'm guessing something had to create these .com files in Windows but quite what type of file they were or why they had no size to them is puzzling. Should I recommend he posts in malware and runs a HijackThis scan?

Thanks.

[nigglesnush85]

Running the security products can't hurt, and should be done regularly. The .com files are a part of windows from what I can remember they were similar to .exe files a long time ago. I have no idea why they would be there on your system though.

[Artellos]

*Artellos jumps in and takes a look.

Those .com files are definitely not supposed to be there. (There ARE legit .com files)
.com files are part of the old "command.com" dos interface. (Much like todays "cmd.exe")
take a read here: http://www.computerh...es/ch000395.htm

I suspect your friends laptop has some malware.
I Suggest you make a log and go to the malware doctors found in this forum.
Please make sure that you read this before posting anything in the malware forum.

If you're still having problems after the malware doctors declare your log clean feel free to post back here and we'll help you to the best of our knowledge!

Regards,
Olrik