General Vista Help and Support
The general Windows Vista discussion forum, for topics not covered elsewhere. (microsoft.public.windows.vista.general)
Command Line As Admin: Endless Clock?
Got a Vista machine where I suspect either malware or some drive problem.

User opens up Outlook, and it just clocks and clocks. The PC is effectively locked up and only a reboot will get it back.

I open up a Command Line and no problem: I can Ping, list C: directories, and so-forth.

But the Command window wants to be opened with "Elevated Mode", which I take to be Admin authority before it will let me do a CHKDSK C:... and therein lies a problem.

When I try to open a Command Line window as Admin ("Run as administrator"), it never opens. Without Admin, no problem... with Admin nothing...

I want to run CHKDSK, Malwarebytes, and a few other utilities, but none of them can be opened.

TaskMan says the PC is idling along at between 20 and 50% CPU usage - with no apps running.

Can anybody shed some light? Workarounds to let me do some diagnosis from a non-Admin command line?

--
Pete Cresswell
Command Line As Admin: Endless Clock?
(PeteCresswell) wrote:
> Got a Vista machine where I suspect either malware or some drive problem.
>
> User opens up Outlook, and it just clocks and clocks. The PC is effectively locked up and only a reboot will get it back.
>
> I open up a Command Line and no problem: I can Ping, list C: directories, and so-forth.
>
> But the Command window wants to be opened with "Elevated Mode", which I take to be Admin authority before it will let me do a CHKDSK C:... and therein lies a problem.
>
> When I try to open a Command Line window as Admin ("Run as administrator"), it never opens. Without Admin, no problem... with Admin nothing...
>
> I want to run CHKDSK, Malwarebytes, and a few other utilities, but none of them can be opened.
>
> TaskMan says the PC is idling along at between 20 and 50% CPU usage - with no apps running.
>
> Can anybody shed some light? Workarounds to let me do some diagnosis from a non-Admin command line?

There is RKill.

http://www.bleepingcomputer.com/download/rkill/

Other than that, I'd look for a Kaspersky rescue CD or Bitdefender CD, which are means of doing offline scans. You boot the CD and the OS is Linux (on the Kaspersky one). And that scans using signature analysis.

MBAM on the other hand, is supposed to do a bit more, and is run on a system "hot", for heuristic (behavioral) analysis. So what the malware is messing with, gives it away. But by doing so, MBAM must face the defenses of the malware, and can be hard to start. While MBAM has its "chameleon" technique (renamed executables), sometimes that's not enough. And MBAM has enough dependencies, that for some users, even if the .EXE starts to run, some other portion of it has problems and it falls over. And the MBAM forums never discuss how to "help it", for fear of giving more information to the bad guys than is necessary. So that's a disadvantage for the home user, no really useful help info available.

Maybe you'll get lucky with a little RKill help. I haven't used RKill either, but I understand it helps occasionally before using other tools.

Since all these tools are freely available, any malware developer worthy of the title, is constantly testing against them. Which is why it's so hard to have a set of tools to use.

Paul
Command Line As Admin: Endless Clock?
PeteCresswell wrote:
> User opens up Outlook, and it just clocks and clocks. The PC is effectively locked up and only a reboot will get it back.

Have the user load Outlook in its safe mode to check if an add-on is the problem. Users will install 32-bit add-ons when they have installed the 64-bit version of Microsoft Office hence Outlook is also 64-bit. Users will install an add-on that works okay in an old version of MS Office they were using to then upgrade to a later version of MS Office which makes the add-on crash. When Outlook loads, it loads the enabled add-ons. If an add-on crashes on loading, it takes Outlook with it. When Outlook exits, it first unloads all currently loaded add-ons. If an add-on crashes on exit, it takes Outlook with it.

> I open up a Command Line and no problem: I can Ping, list C: directories, and so-forth. But the Command window wants to be opened with "Elevated Mode", which I take to be Admin authority before it will let me do a CHKDSK C:... and therein lies a problem.

Not if you run cmd.exe from the Start - Run menu. That will load the command shell but in non-privileged mode. Sounds like the user is using a shortcut to load the command shell (cmd.exe) but the shortcut is configured to Run As with admin privileges. That means you get a prompt asking if you really want to load the command shell with admin privileges. Either use a different shortcut that loads cmd.exe without admin privileges or use Start - Run or the Start menu searchbox to load cmd.exe as a normal process. That means that command shell can't do anything that requires admin privileges.

You, er, the client could sacrifice the added security of UAC by disabling it. That would eliminate the UAC prompt whenever you load any program that wants admin privileges. That means malware can run, too, without any prompt.

Has this user yet rebooted his computer? I don't mean shutting down into hibernate mode because on reload of Windows then it is restored to the same state (in the memory image). Have them completely shut down Windows to make sure any pending changes from updates get completed. Many updates require a restart of Windows so in-use files can be replaced on startup. If that doesn't work, have them boot into Windows' safe mode (go into the boot menu), log into Windows to get to their desktop, and then reboot into Windows' normal mode. Sometimes an update requires a kick in its ass by using safe mode and then go into normal mode.

> When I try to open a Command Line window as Admin ("Run as administrator"), it never opens. Without Admin, no problem... with Admin nothing...

Load Task Manager and look at its Processes tab. Position the list of processes so you can see the load of any process that begins with "c". Try loading (however is not clearly mentioned) cmd.exe again and see if a same-named process shows up in Task Manager. There may already be a slew of cmd.exe processes already loaded. Kill them and then retry just loading one instance of it.

> I want to run CHKDSK, Malwarebytes, and a few other utilities, but none of them can be opened.

Run anti-malware from bootable media; e.g., bootable CD/DVD or USB flash drive.

Could be malware. Could be the client hosed their own system, like they used a tweaker or double-clicked on a .reg file they got from somewhere and that removed the filetype association for .exe files. Even in a non-privileged command shell, you can run "assoc .exe" to see what handler was assigned to that filetype. You should get:

    assoc .exe
    .exe=exefile

exefile is the class ID for the .exe filetype handler. If you can run regedit (that will require admin privileges), look at the registry key:

    HKEY_CLASSES_ROOT\exefile

Make sure that registry key is defined. Under it is a 'shell' subkey and under that should be 'open', 'runas', and 'runasuser' subkeys. Under those should be a 'command' subkey whose default data item's value should be:

    "%1" %*

The handler isn't exposed here. "%1" means the environment variable %1 that holds the name of the .exe file on which you double-clicked in Windows Explorer (I assume you can still load that). The %* means to add all the rest of the parameters passed to the command shell that loads to handle the executable process. For example, a command line of "notepad.exe c:\docs\myfile.txt" would have "%1 = notepad.exe" and "%* = c:\docs\myfile.txt".

Alas, if the symptom is .exe files won't load then you also cannot load regedit.exe to look at the registry. You may be stuck with using bootable media with anti-malware usable from that.

Have you tried booting into Windows' safe mode yet?

> TaskMan says the PC is idling along at between 20 and 50% CPU usage - with no apps running.

Did you click the button to Show All Users in Task Manager's Processes tab? If there is 50% CPU usage then one, or more, processes are using up that much. It may not be just 1 process but a couple of them.
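Added example, not part of VanguardLH's post or of the thread: the registry check described above can be done without regedit, because "reg query HKCR\exefile\shell /s" only reads and runs from a non-elevated prompt; the Python script below inspects the saved output of that command offline. The sample output, the placeholder handler path and the function names are constructed for illustration, and the parser assumes the Vista-style reg query layout in which name, type and data are separated by four spaces.

```python
import re

EXPECTED = '"%1" %*'                     # value the post says each 'command' key should hold
VERBS = ("open", "runas", "runasuser")   # subkeys the post lists under exefile\shell

# Constructed sample of `reg query HKCR\exefile\shell /s` output (not from the thread).
# The handler path under 'open' is a made-up placeholder for an unexpected value.
SAMPLE = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    "C:\placeholder\unknown.exe" "%1" %*

HKEY_CLASSES_ROOT\exefile\shell\runas\command
    (Default)    REG_SZ    "%1" %*
    IsolatedCommand    REG_SZ    "%1" %*
'''

def parse_reg_query(text):
    """Parse `reg query` text output into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None and line.startswith("    "):
            # Assumed layout: name, type and data separated by four spaces.
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) >= 2:
                current[parts[0]] = parts[2] if len(parts) == 3 else ""
    return keys

def check_exefile(text, root="HKEY_CLASSES_ROOT"):
    """Return (verb, problem, data) for each command key that is missing or altered."""
    keys = parse_reg_query(text)
    findings = []
    for verb in VERBS:
        path = f"{root}\\exefile\\shell\\{verb}\\command".lower()
        if path not in keys:
            findings.append((verb, "missing", None))
            continue
        data = keys[path].get("(Default)")
        if data != EXPECTED:
            findings.append((verb, "unexpected", data))
    return findings

if __name__ == "__main__":
    for verb, problem, data in check_exefile(SAMPLE):
        print(f"exefile\\shell\\{verb}\\command: {problem}: {data}")
```

HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, with the per-user hive taking precedence, so it is worth running the same query against HKCU\Software\Classes\exefile as well. There, the key being absent is the normal state and any command value that is present deserves a closer look.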
Command Line As Admin: Endless Clock?
Per VanguardLH:
> Run anti-malware from bootable media; e.g., bootable CD/DVD or USB flash drive.
>
> Could be malware.

I think that's the strongest possibility. The wife is OK, but the macho husband has a history of overriding Avast's "Warning" dialogs... totally hosed the box a couple years ago. Can't recall the name of the malware, but it was one of the nastiest at the time.

> Could be the client hosed their own system, like they used a tweaker or double-clicked on a .reg file they got from somewhere and that removed the filetype association for .exe files. Even in a non-privileged command shell, you can run "assoc .exe" to see what handler was assigned to that filetype. You should get:
>
>     assoc .exe
>     .exe=exefile
>
> exefile is the class ID for the .exe filetype handler. If you can run regedit (that will require admin privileges), look at the registry key:
>
>     HKEY_CLASSES_ROOT\exefile....

I'm working this from about 90 miles away via TeamViewer, so anything that requires Safe mode or booting a DVD will have to wait until I get down there.

Stumbled on to http://support.microsoft.com/kb/2688326 awhile ago - and that's what your instructions seem to boil down to.

They're using the PC now (it will do web stuff, no problem...although that raises the question of how Chrome.exe gets launched....).

But when they're done, I will try the registry fix and report back.

Thanks for all the detailed info. If the registry fix does not do it, I'll work the rest of it.

--
Pete Cresswell
Command Line As Admin: Endless Clock?
Per (PeteCresswell):
> Stumbled on to http://support.microsoft.com/kb/2688326 awhile ago -

Seems like a Catch-22 situation: the problem is that a .EXE cannot be opened, yet the proposed solution is to open RegEdit.exe.

Strangely, assoc .exe seems to return the expected result:

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Users\x>assoc .exe
    .exe=exefile

Also strangely, in a Command Line window I can navigate to C:\Program Files\DVD Shrink and run the DVD Shrink .exe...

OTOH, C:\Windows\Regedit.exe just causes the window to freeze - I guess because it wants Admin authority, although my recollection is that it should issue a prompt to that effect.

Unable to open up a Command Line window with Admin privileges, I guess my next task is to figure out how to disable UAC (whatever that is.... -)) without using RegEdit.

Google is probably going to be my friend for the next hour or so...

--
Pete Cresswell
Command Line As Admin: Endless Clock?
Per (PeteCresswell):
> Unable to open up a Command Line window with Admin privileges, I guess my next task is to figure out how to disable UAC (whatever that is.... -)) without using RegEdit.
>
> Google is probably going to be my friend for the next hour or so...

I think I'm SOL on this one.

MyComputer | Control Panel | User Accounts | Turn User Account Control on or off causes the window to hang - just like trying various other operations.

It's like somebody had this thing sewed up really tight.

Oh well... haven't seen the New Jersey shore in the dead of winter for a few years.... and I'll certainly get a free meal out of it...

--
Pete Cresswell
Command Line As Admin: Endless Clock?
Per (PeteCresswell):
> I think I'm SOL on this one.

And... It's just dawned on me that Avast is no longer running on the box.

Logical because I've rebooted it many times and if .exe's can't run, it stands to reason that the Avast .exe could not auto start.

Call me paranoid, but more-and-more this is sounding like malware and, maybe even.... that PC is doing somebody's dirty work right now as I write this.

--
Pete Cresswell