Re: InstallShield WOWEXEC Error
- From: "Wesley Vogel" <123WVogel955@xxxxxxxxxxx>
- Date: Sat, 10 Dec 2005 14:56:08 -0700
Trojans usually add cmd.com so typing cmd opens cmd.com instead of cmd.exe
and you'd get an error message like...
--------------------------
16 bit MS-DOS Subsystem
---------------------------
C:\WINDOWS\System32\command.pif
C:\WINDOWS\SYSTEM32\CONFIG.NT. The system file is not suitable for running
MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the
application.
---------------------------
Close Ignore
---------------------------
or
---------------------------
16 bit MS-DOS Subsystem
---------------------------
C:\WINDOWS\System32\command.pif
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running
MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the
application.
---------------------------
Close Ignore
---------------------------
I suspected something like...
WORM_ALCAN.A - Technical details
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ALCAN.A&VSect=T
or..
Symantec Security Response - W32.Alcra.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.a.html
InstallShield Search for wowexec brings up nothing
http://www.installshield.com/search/gsearch.asp?filter=p&as_epq=&q=wowexec&area=kb&area=helpnet
InstallShield Search for ntvdm brings up one article
http://www.installshield.com/search/gsearch.asp?filter=p&as_epq=&q=ntvdm&area=kb&area=helpnet
This article applies to the following:
Product(s):
InstallShield Express 2.1x, 3.5x
InstallShield Professional 3.x, 5.x
http://support.installshield.com/kb/view.asp?articleid=Q103299
InstallShield Consumer Central Frequently Asked Questions
http://consumer.installshield.com/faq.asp?
InstallShield Consumer Central - Common Errors
http://consumer.installshield.com/common.asp
Other than virus scans, yes, spyware scans.
If you are trying to load old programs I can see why wowexec and ntvdm may
be involved, but not for programs written for XP.
Not everything in the following article will apply. The article was written
for Windows 2000. However, most of it does.
[[If it was not one of those, you can try the DLLs under the following
registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\W
Value: Known DLLs]]
The above should read...
[[If it was not one of those, you can try the DLLs under the following
registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WOW
Value: Known DLLs]]
Troubleshooting NTVDM and WOW Startup Errors
http://support.microsoft.com/default.aspx?scid=kb;en-us;196453
Troubleshooting MS-DOS-based programs in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314106
How to Troubleshoot 16-Bit Windows Programs in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314495
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:hgemp1l4uuflshmcmdo9qteama7qdubq1h@xxxxxxx,
Lokester <loster2@xxxxxxxxxxx> hunted and pecked:
>> What happens if you type: cmd in Start | Run and click OK?
>>
>> Any error messages?
>
>
> No error message. Just get an MS-DOS window with a normal command
> line.
>
> I've run complete virus scans and I'm pretty sure that I'm up to date
> with definitions - I'll try again.
>
> I'm running Microsoft Bookshelf which is a pretty old program and as I
> recall the problems with this latest installed OS occurred when I
> installed that. Also I did get an error on that installation -
> however it did load. I checked the version of InstallShield for
> Bookshelf 2000 & it is Version 1 - seems I remember something about
> InstallShield recommending Version 2 or better. Could that have
> somehow contaminated further InstallShield programs?
>
> I'd like to get a bit better idea of what I'm dealing with before I go
> through the process of loading yet another OS and reloading all of my
> programs. It appears that I'll have to do that anyway - I tried to
> load Studio 9 and was happy when it appeared to load correctly until
> the very end - then my computer locked and the program is in there but
> will not uninstall.
>
> Any suggestions on checking this Trojan possibility other than virus
> scans?
>
> Thanks for any suggestions.
>
> LL
>
> On Sat, 10 Dec 2005 12:43:14 -0700, "Wesley Vogel"
> <123WVogel955@xxxxxxxxxxx> wrote:
>
>> WOWEXEC.exe and ntvdm.exe only run for 16 bit applications, old MS-DOS
>> programs.
>>
>> ntvdm.exe is NT Virtual DOS Machine and WOWEXEC.exe is Windows On Windows
>> Execution Process.
>>
>> I bet you have a trojan.
>>
>> What happens if you type: cmd in Start | Run and click OK?
>>
>> Any error messages?
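
The lookup behaviour described at the top of this message (typing cmd runs a planted cmd.com ahead of cmd.exe), as an added example that is not part of the original post: a Python check that models extension precedence and reports any .exe on the search path that loses to a same-named file. The default PATHEXT order, the function names and the sample directory are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: the Windows XP default PATHEXT order, where .COM precedes .EXE.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"


def resolve(name, path_dirs, pathext=DEFAULT_PATHEXT):
    """Return the file an extensionless command name resolves to, or None."""
    exts = [e.lower() for e in pathext.split(";") if e]
    for d in path_dirs:
        try:
            entries = {f.lower(): f for f in os.listdir(d)}
        except OSError:
            continue  # missing or unreadable search-path entry
        for ext in exts:  # within one directory, PATHEXT order decides
            hit = entries.get(name.lower() + ext)
            if hit and os.path.isfile(os.path.join(d, hit)):
                return os.path.join(d, hit)
    return None


def find_shadowed(path_dirs, pathext=DEFAULT_PATHEXT):
    """Return (name, winner, shadowed_exe) for each .exe that loses the lookup."""
    findings, seen = [], set()
    for d in path_dirs:
        try:
            files = sorted(os.listdir(d))
        except OSError:
            continue
        for f in files:
            base, ext = os.path.splitext(f)
            if ext.lower() != ".exe" or base.lower() in seen:
                continue
            seen.add(base.lower())
            exe = os.path.join(d, f)
            winner = resolve(base, path_dirs, pathext)
            if winner and os.path.normcase(winner) != os.path.normcase(exe):
                findings.append((base.lower(), winner, exe))
    return findings


def demo():
    """Constructed sample: one directory with cmd.exe, notepad.exe and a planted cmd.com."""
    with tempfile.TemporaryDirectory() as sys32:
        for fname in ("cmd.exe", "cmd.com", "notepad.exe"):
            open(os.path.join(sys32, fname), "wb").close()
        return [(n, os.path.basename(w), os.path.basename(s))
                for n, w, s in find_shadowed([sys32])]
```

On a real system, pass the current directory followed by the directories from PATH as `path_dirs`.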