cmd prompt appears instead of booting windows after using Hitmanpro to remove a trojan


rdm100

May 12, 2013
Hitmanpro removed the ukash police virus so I could access my computer again but now when I boot up the command prompt appears instead of just loading windows. If I just type explorer then windows does load.

When the cmd window appears it reads:
"C:\Users\User\Documents\69323f56.exe" is not recognised as an internal or external command, operable program or batch file.

This file was removed by Hitmanpro as a "Remnant"

Was this part of the trojan or have I deleted something that I really shouldn't have?

Any help is welcome
 
Solution
Just fought this myself. Run regedit and go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and look for a shell key with a value of cmd.exe and delete it.

May also need HKEY_CURRENT_USER\Software\Microsoft\Command Processor and look for an autorun key with that exe and delete it as well.
I'd stake a small amount of money on Safe Mode with Command Prompt working properly. Give that a try then at the prompt, type regedit and press Enter.

From the File menu, select Export and note the name and location of the backup you're about to make in case anything goes wrong.

Then, from the Edit menu choose Find and type in the name of that file in your first post. It will probably show up in CURRENT_USERS or LOCAL_MACHINE then Software/Microsoft/Windows/Current Version/Run or RunOnce but there may be Start Menu entries as well which call it up at boot time and stop anything else loading because that file no longer exists. Delete any entries you find.

Close the registry from the File>Exit menu and back in Command Prompt, type:-
net user /add fred coffee
then press Enter. You now have a new account in to which to log if yours fails. The name is fred and the password is coffee. You can delete it later if you can access your own account.

Type exit to leave the Command form and restart the computer. Did you get back in or did fred gain access?
 
Ok, I searched for cmd.exe /k start cmd.exe and it only found that same entry, in one spot. Delete the value again.

I added the fred command and it says, The user or group specified cannot be found. The user was successfully created but could not be added to the users local group. Type in NET HELPMSG 3774 for help.

Rebooted, and same issue.
 
Did the fred account not show up on the login screen beside your own? That message often shows up but the account is there regardless. Have you tried Safe Mode again? If that fails, try again but this time go for with Command Prompt. At the prompt, type explorer.exe and things should light up as usual.
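
The registry locations named in the replies above (Winlogon Shell, Command Processor AutoRun, Run and RunOnce) can be listed in one pass instead of searching regedit by hand. The following PowerShell is an added example, not part of the original thread: it only reads and reports, and flags entries whose target file no longer exists. The function names and the path-extraction heuristic are assumptions made for this example.

```powershell
# Added example (not from the thread): read-only report, nothing is modified.
# Names = $null means "list every value under the key".
$targets = @(
    @{ Key = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Names = @('Shell') },
    @{ Key = 'Software\Microsoft\Command Processor';                  Names = @('AutoRun') },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Run';         Names = $null },
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\RunOnce';     Names = $null }
)

# Heuristic (assumption): take a quoted path, else text up to the first
# executable extension, else the first whitespace-separated token.
function Get-TargetPath([string]$CommandLine) {
    $text = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($text -match '^"([^"]+)"') { return $Matches[1] }
    if ($text -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($text -split '\s+')[0]
}

function Test-TargetExists([string]$Target) {
    if ([string]::IsNullOrWhiteSpace($Target)) { return $false }
    if (Test-Path -LiteralPath $Target -PathType Leaf) { return $true }
    # Bare names such as explorer.exe or cmd.exe are resolved through PATH.
    return [bool](Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue)
}

$report = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($t in $targets) {
        $key = Get-Item -LiteralPath "$hive\$($t.Key)" -ErrorAction SilentlyContinue
        if (-not $key) { continue }                      # key absent: nothing to report
        $names = if ($t.Names) { $t.Names } else { $key.GetValueNames() }
        foreach ($name in $names) {
            $value = $key.GetValue($name)
            if ($null -eq $value) { continue }           # value absent (the normal case for AutoRun)
            $target = Get-TargetPath ([string]$value)
            [pscustomobject]@{
                Key          = $key.Name
                Value        = $name
                Command      = $value
                Target       = $target
                TargetExists = Test-TargetExists $target # False = leftover pointing at a removed file
            }
        }
    }
}
$report | Format-List
```

A Shell value under HKEY_CURRENT_USER, any AutoRun value, or any row with TargetExists set to False is worth a closer look before deleting it in regedit.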