Has anyone found such behavior when Command Processor (cmd.exe) closes immediately after calling it? I’ve run McAfee AV and Windows System File Check (sfc.exe) and nothing wron
I've had similar problem - cmd.exe
was closing immediately after starting. I was able to keep it running by executing cmd.exe /K cmd.exe
, but it was closing after any invalid command. I've found out that my problem was caused by non default code page:
C:\>chcp
Active code page: 65001
To fix the problem I've removed registry entry:
[HKEY_CURRENT_USER\Console\%SystemRoot%_system32_cmd.exe]
"CodePage"=dword:0000fde9
Another solution is to change cmd.exe
font from raster fonts to a true type one.
I had this problem and found something to try that solved my problem.
Investigate registry entry HKLM\Software\Microsoft\Command Processor If there is an "Autorun" key, this key causes the batch file entry in this key to run at the beginning of the command prompt execution. You can try to skip this execution to test the solution using RUN cmd.exe /d
If the problem is user specific, check HKCU\Software\Microsoft\Command Prompt for this key. The current user entry mixes in with the local machine entry so if the key exists in the current user registry then it will try to execute the listed batch file.
On my computer the key was there but empty. If there is a batch file in this key then figure out what that batch file is doing and if you want it there.
I deleted the key all together and the problem went away.
On my computer the key was present in current user but not in local machine.
Somehow some virus probably put this key in the registyr but since it is a valid key, it is hard for malware detectors to find this.
I didn't find any other solutiosn to this problem on the web so please let others know if this works for you. I never post on forums but saw a bunch of questions about this and on good solutions so I thought I had to post.
I got the idea about this solution from this link.
http://software.oberberger.com/2008/09/interesting-stuff-about-cmdexe.html
Good luck.
This is a shot in the dark, but I have seen problems like this in the past when incorrectly specifying a debugger via Image File Execution Options. You might check to see if there's an entry for 'cmd.exe' there.
I suspect this is a virus called vmprotected cryptocurrency miner.
I found an app in C:\Users{profilename}\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe
Also: The follow values were modified Also there are two main keys you need to modify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The shell key should have a value of explorer.exe and it was changed to %Comspec% which causes the command prompt to execute on login.
I would highly recommend you run a full virus scan and ensure the keys and executables are removed
Answering in case anyone else still runs into this problem. I have recently experienced same issue, and the reason for that was a bitcoin mining malware. I used Malwarebytes to scan the computer and remove the malware, which immediately resolved the problem.
Answering all questions:
Finally I got it SOLVED:
regedit
Go to HKLM\Software\Microsoft\Command Processor\
or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\
or HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\
For some reason there was AUTORUN key with "EXIT" inside.
AutoRun
key and everything should went back to normal.CMD.exe
should start to work again. Also,
In some cases, the Command prompt is also opening on Startup, which is when the above solution is applied hangs the system on Command prompt when you logon.
This can be fixed by using Autoruns, where you need to disable command prompt startup registries on Logon/Startup tab. (there can be more than one entries)
That one also explains why exit code was 0x0.
Have no idea what kind of thing set that key up... McAfee showed some activity lat week and I've noticed it last Friday.
Hope these symptoms and my answer will help someone in future