Re: 16-bit MS-DO Subsystem

When I type in "C:\winnt\system32\cmd.exe", system32 opens. When I type
cmd.exe, Documents and Settings open. I'll have to contact my ISP to check
on the internet connection problem because everything looks correct in my
configuration. Right now I have disconnected everything so I can find out
why I have no internet connection. Any other advise you can give would be
greatly appreciated. Thanks...Sam

"Pegasus (MVP)" wrote:

What happens when you type this instead:
c:\winnt\system32\cmd.exe

You can, of course, restore the original from the
i386 folder of your Win2000 installation CD.

"Sam Lightbourn" <SamLightbourn@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:76BFCF86-CAE9-43FA-984A-285E7E30155D@xxxxxxxxxxxxxxxx
I renamed the files ( I found them in 2 places) and rebooted the system.
Still have the same problem. I will go to start/run and type 'cmd' and I
get
the same message. Also the window that opens up is cmd.co. This is why I
asked about renaming it. Or if I removed it could I copy it from
somewhere
else? I have a problem with my network and I need to get into the ms-dos
system to possibly locate the problem. Thanks

"Pegasus (MVP)" wrote:

Your list looks fine - all .com files shown are valid Win2000
files, with the exception of startrom.com. I don't know what
it is - disable it by renaming it to startrom.co and see what
happens.

Going back to your original problem: Does it still happen,
and if so, what are the exact circumstances under which it
occurs?


"Sam Lightbourn" <SamLightbourn@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:6F77063B-888D-4160-A4AC-489DB21B0998@xxxxxxxxxxxxxxxx
Here is the info you requested: I guess from the looks of things I
got
nailed pretty good.

Volume in drive C has no label.
Volume Serial Number is 9800-E815

Directory of c:\winnt\assembly\GAC

08/09/2006 11:57p <DIR>
Intuit.Spc.Map.EntitlementClient.Common
0 File(s) 0 bytes

Directory of c:\winnt\assembly\GAC_MSIL

07/12/2006 03:03a <DIR>
Microsoft.VisualBasic.Compatibility
0 File(s) 0 bytes

Directory of c:\winnt\Microsoft.NET\Framework\v2.0.50727\CONFIG

09/23/2005 08:28a 42,927 machine.config.comments
09/23/2005 08:28a 56,960 web.config.comments
2 File(s) 99,887 bytes

Directory of c:\winnt\ServicePackFiles\i386

07/22/2002 01:05p 50,620 command.com
06/19/2003 03:05p 10,512 diskcomp.com
06/19/2003 03:05p 8,464 diskcopy.com
06/19/2003 03:05p 34,064 format.com
07/22/2002 01:05p 34,724 ntdetect.com
07/22/2002 01:05p 20,614 startrom.com
6 File(s) 158,998 bytes

Directory of c:\winnt\system32

12/07/1999 04:00p 8,464 chcp.com
07/22/2002 01:05p 50,620 command.com
06/19/2003 03:05p 10,512 DISKCOMP.COM
06/19/2003 03:05p 8,464 DISKCOPY.COM
12/07/1999 04:00p 69,886 edit.com
06/19/2003 03:05p 34,064 FORMAT.COM
12/07/1999 04:00p 34,576 graftabl.com
12/07/1999 04:00p 19,694 graphics.com
12/07/1999 04:00p 14,710 kb16.com
12/07/1999 04:00p 1,131 loadfix.com
12/07/1999 04:00p 20,752 mode.com
12/07/1999 04:00p 16,656 more.com
12/07/1999 04:00p 12,560 tree.com
12/07/1999 04:00p 24,848 win.com
14 File(s) 326,937 bytes

Directory of c:\winnt\system32\reminst

07/22/2002 01:05p 20,614 startrom.com
1 File(s) 20,614 bytes

Total Files Listed:
23 File(s) 606,436 bytes
2 Dir(s) 97,061,310,464 bytes free

"Pegasus (MVP)" wrote:

You have confirmed my suspicion - your machine is infested
with malware. There are very few .com files under Win2000,
and neither cmd.com nor ipconfig.com is one of them. They
are called cmd.exe and ipconfig.exe and they reside in the
c:\winnt\system32 folder. Renaming a bad .com file to .exe
makes the problem worse, not better.

Let's have a look at your machine! Do this:
- Click Start / Run / c:\winnt\system32\cmd.exe {OK}
- Type these commands:
dir /s c:\winnt\*.com > c:\test.txt {Enter}
c:\winnt\system32\notepad.exe c:\test.txt {Enter}
- Paste the contents of this text file into your reply.

"Sam Lightbourn" <SamLightbourn@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:BD8F2E1E-3592-435B-BDBC-BFEC24B35D80@xxxxxxxxxxxxxxxx
I found the cmd.com file in the system32 folder. I renamed the
file
cmd.co
but the same problem still exists. I also did a search for the
ipconfig.com
file but that is not present. Could I rename the cmd.com file to
cmd.exe?
Do you think this might correct the problem? Please let me know
when
you
can. Thanks

"Pegasus (MVP)" wrote:

Although you don't say so, I suspect that you are
attempting to run ipconfig to get your IP address
details. You should mention these things - they are
essential for the trouble-shooting process!

I also suspect that your machine is infected with
spyware or malware. Have a look for files such
as cmd.com or ipconfig.com. They are not part
of Windows - the correct names are cmd.exe and
ipconfig.exe. These files are probably responsible
for your problems. Rename them to cmd.co and
ipconfig.co and see what ahppens.


"Sam Lightbourn" <SamLightbourn@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in
message
news:78377E7D-6EB3-404B-AD1E-117D840DA7F0@xxxxxxxxxxxxxxxx
To be honest with you I have no idea what program was run at
the
time
this
happened. I noticed my internet access was acting erratic, I
went
to
start/run, cmd, to check on the ip configuration, and that was
when
the
subsystem error came up. I rebooted the machine several times
but
the
problem persists. I tried to use the windows setup disks to
repair
the
issue
but that didn't help either. Also, I found the system32
folder.
It
was
hidden like you said.

"Pegasus (MVP)" wrote:


"Sam Lightbourn" <SamLightbourn@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote
in
message
news:A6706489-AC35-4895-B137-B23F56843904@xxxxxxxxxxxxxxxx
I have received this message recently:

C:\WINNT\system32\cmd.com
The NTVDM CPU has encountered an illegal instruction
CS:0070 IP:00eb OP:fe 10 00 c0 15 Choose 'Close' to
terminate
the
application.

Does anyone know what this pertains to. Also, I noticed
the
System32
folder
in WINNT is missing. I need help with ASAP because it has
completed
disrupted my network and online access. thanks in
advance.
Sam

If your system32 folder was really missing then you would
not
be able to run Windows. The folder is probably hidden.

The error message you see was triggered by some 16-bit
application, probably a legacy application. What were you
running at the time? Did you reboot the machine to see if
the problem persists?















.

Loading