netsh.exe virus?

December 3, 2005 at 14:18:06
Specs: XP, 512mb

Hi all. The last couple of days everytime I boot up Win XP a dos prompt opens and netsh.exe runs. Sometimes cmd.exe tries to access the internet shortly after. I have checked the registry but can't see these anywhere. This is obviously very annoying. I have recently had to get rid of a virus file called xxx.exe by deleting it manually. Could this problem be connected to that virus? Anyone know of a way of removing it? Thanks.


See More: netsh.exe virus?

Report •


#1
December 3, 2005 at 17:15:21

djwolf, try the instructions at this link,run the trendmicro scan first.The additional Xp sp2 clean up procedure seems to apply to your problem. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.P&VSect=Sn

Report •

#2
December 20, 2005 at 03:11:36

I have exactly the same problem as djwolf, and I just cannot solve it. I dont think the link above applies/works with my problem. Please could someone help. Thanks

Help, help, help


Report •

#3
December 26, 2005 at 01:41:50

Hi,
I just accessed a web site and immediately after, the netsh.exe DOS windows kept appearing. I ran Spybot which found three "problems" (Grokloader and a couple of windows issues none of which were there a couple of weeks ago). I let Spybot "fix" them and I've had no problems since. i suspect spyware. I suggest that, if you do not have spyware software on your PC, you install and run Spybot (it's free). My problem may be different from yours, but it's worth a try - and may also clear up other spyware you don't even know about.


Report •

Related Solutions

#4
December 26, 2005 at 15:49:02

I had the same problem. What I had was a file called xxx.exe on my C: boot directory. I did a search on my computer for this file and found it in system 32 folder and C: . I deleted both files and I do not get Netsh.exe on bootup anymore. I am sure there are different variants of this spyware. I am not sure if it is totally gone. I hope it is.


Report •

#5
December 29, 2005 at 08:46:49

Hi,

i looked further into this and it looks like it might be related to the p2p tank virus. You may find a cmd32.exe executable in System32 in Windows directory - which should be just deleted. (Rename it if you're scared of deleting). Also, check google for cmd32.exe and you'll find lots of people recommending it's deletion. There may also be an entry in your registry for it labelled "ControlPanel" and referencing "LoadKeyboardProfile". I deleted this entry with no pparent ill effects. However, provided you have deleted the file, I don't think the registry entry matters so don't rush to delete that.
Finally, the virus I got also disabled my CTRL-ALT-DEL key so I couldn't see the spyware task running. Again, look up the message you get with CTRL-ALT-DEL (if it is disabled) and several sites give a fix for that. They don't all work, but I found one that did for me.
Unfortunately neither SpyBot nor AVG virus protection appeared to find these.


Report •

#6
January 1, 2006 at 07:37:49

I noticed the same problem and didn't really think anything of it until I read IanH's experience. I too have had my CTRL-ALT-DELETE function disabled and couldn't figure out why-- now I understand completely and need to get this off my computer. FYI... The following two sites (http://www.theeldergeek.com/enable_disable_task_manager.htm) and (http://www.dougknox.com/xp/utils/xp_taskmgrenab.htm) gave me the info I needed to get CTRL-ALT-DELETE to work again (However, if you don't get the spyware off your computer, it will be disabled upon reboot again). Thanks for all the help guys....

Report •

#7
January 2, 2006 at 20:02:42

Heres a website that showed me how to fix my pc showing my task manager by pressing crt alt del. I used mothed 2 the easiest way :)


http://windowsxp.mvps.org/Taskmanager_error.htm


Report •

#8
January 3, 2006 at 11:58:15

spybot search and destroy did not fix the netsh.exe apearing bot and now task manager is not apearing again. heres what it spybot left.

--- Search result list ---
Command Service: System Service (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService


Report •


Ask Question