Exterminate It! Antimalware

malpedia

Known threats:8,378,108 Last Update:August 22, 08:32

Testimonials

Dear Mat,

Thanks you have saved my life, superb programme well worth the money. There seems an awful lot of viruses or trogens knocking around at the moment, I will recommend your product.

Andy

File: cmd.com

Location of cmd.com and Associated Malware

Check whether cmd.com is present in the following locations:

cmd.com file locations that are Windows version independent:

  • C:\Windows\System32\cmd.com

If you find cmd.com file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The cmd.com file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of cmd.com File^

File SizeFile Md5Last Seen
46489679CB8AA7DD0FA8EB546F86EFEF523053Oct 28, 2010
57344FEA4E8A97EF3F56BFD1DBE59B289F77FJan 29, 2011
4725760BEB013014D8C02DF23ED8BBDA059BEEJun 21, 2011
38912049A5F0A9A539780BA5A1A202416915A0Sep 13, 2011
47206414C416736808A77D91F9D0D480B7A9F1Oct 17, 2011
388608EEB024F2C81F0D55936FB825D21A91D6Dec 6, 2011
401408283433A9DD6C0877DBE0E55A6908EA80Mar 5, 2012
388608669241198445B48A3DF9F116A7F3D89AApr 2, 2012
2AC6AD5D9B99757C3A878F2D275ACE198Dec 16, 2012

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove cmd.com^

  1. To enable deleting the cmd.com file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select cmd.com and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of cmd.com and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of cmd.com and Associated Malware.
  6. Notes:

    • The deletion of cmd.com will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of cmd.com will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a cmd.com malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type cmd.com. The name of the first found registry value referencing cmd.com is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to cmd.com, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of cmd.com and Associated Malware.