How to Stop appearing command prompt at startup? - windows

I'm facing this problem since last week but couldn't find any workable solution for me. The Windows command prompt appears at startup, then I must enter explorer.exe, and then Windows opens for me. It doesn't open directly.
I hid all Microsoft programs in msconfig. Some suggested that I update Windows to the latest version; I did that too. Some told me to run various kinds of commands like scf/scanner. I did that also, but this has not worked for me. Can anyone help me solve this problem?

Not that your question is remotely on topic here, but here's my suggestion.
At the prompt, type the following and press the ENTER key:
%__AppDir__%reg.exe Add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /V Shell /D "explorer.exe" /F
Then type the following and press the ENTER key:
%__AppDir__%shutdown.exe /R /T 1
Your PC will reboot, and hopefully return to its normal explorer interface.

Related

How to stop windows console cursors from blinking

I know how to completely hide a cursor,
But is there any way to just stop it from blinking?
It's oddly disturbing...
I'm not gonna install 3rd party software for this,
what I want is simple solution using few lines of C++.
Go to Run prompt (Win+R)
Paste into Open box:
control main.cpl keyboard
Press OK. The Keyboard properties dialog appears.
Set Cursor blink rate to None. Press OK.
For the record, by cmd you can do the same
You can save this code as desable_cursor_blink.cmd, and click/run...
Windows Registry Editor Version 5.00; [HKEY_CURRENT_USER\Control Panel\Desktop]"CursorBlinkRate"="-1"
reg import %~f0
By command line, you also can try:
%__APPDIR__%reg add "HKCU\Control Panel\Desktop" /v CursorBlinkRate /t REG_SZ /d -1 /f

CMD.exe closes immediately - unusual line in AutoRun registry entry

I've noticed that my command line didn't start anymore, it just immediately minimized and closed itself upon running. I suspect this is due to a virus or at least some kind of malicious program having been executed. I found the following code inside my registry. It seems legible but my knowledge of batch / the command line is limited. Can anyone tell me what it does?
#mode 20,5 & tasklist /FI "IMAGENAME eq SoundModule.exe" 2>NUL | find /I /N "SoundModule.exe">NUL && exit & if exist "C:\Users\Leon\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe" ( start /MIN "" "C:\Users\Leon\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit )
According to this reddit thread, it's a "vmprotected cryptocurrency miner".
You most likely got it if you installed anything you downloaded from the torrent network, for example a popular game released in the past few weeks :^)
The following SO thread contains part of the solution: CMD.exe closes immediately after calling (Win7 64)
The malicious party added an AutoRun directive via registry to the Windows Command Processor (cmd.exe usually), which you need to remove from any of the following locations it's present in:
Computer\HKEY_CURRENT_USER\Software\Microsoft\Command Processor
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor
What the directive does is to execute SoundModule.exe and then explorer.exe (if not already started).
According to the other reply in this thread, they set %comspec% to run at startup, via Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
So on startup, it's running %comspec% (instead of the default Windows Explorer), which itself on start first runs SoundModule.exe and then explorer.exe. Not sure why they did it this way, anyone who makes use of cmd.exe was bound to figure it out and spread the word.
There are at least two confirmed VirusTotal records for this file: [1], [2]
I had the same program on my computer, check Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon for the shell value which is most likely "%comspec%" (which makes sense why it was just cmd running on startup since %comspec% is cmd.exe) and change it to "explorer.exe"
Run regedit
Go to HKLM\Software\Microsoft\Command Processor\ or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\ or HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\
For some reason there was an AUTORUN key with "EXIT" inside.
Remove the AutoRun key and cmd will work fine.
Then check Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon for the shell value which is most likely "%comspec%" (which makes sense why it was just cmd running on startup since %comspec% is cmd.exe) and change it to "explorer.exe" as the user above said.
Edit: I also found that it was a cryptocurrency mining virus located at %appdata%\Microsoft\SoundModule or SoundMixer on my case.
You should probably delete this file too.
For reference, I will add that I was able to verify that my issue was the Autorun registry key by using Win-R to bring up the "Run" dialog, and typing cmd /d (which disables any autorun per the Windows docs [https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/cmd]). This successfully opened a command prompt window.
Inspecting the registry, my HKEY_CURRENT_USER\Software\Microsoft\Command Processor had Autorun as Type=REG_SZ and Data=if exist. I made a restore point, then renamed that key to AutorunOld ... and then I was able to open a command prompt without issue.
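
The checks described in the answers above, collected into one read-only audit. This is an added example, not code from any of the posts; the `$checks` table, the `Get-RegistryData` helper and the status labels are names chosen here, and the "default" column reflects a stock Windows install (no AutoRun value, no per-user Shell value, machine-wide Shell set to explorer.exe).

```powershell
# Added example: read-only audit of the registry values named in this thread.
# Nothing is modified. A REVIEW row means "look at this by hand": an AutoRun
# value can also be set legitimately by developer tools.
$checks = @(
    # AutoRun is absent by default; cmd.exe executes its data at every start.
    @{ Key = 'HKCU:\Software\Microsoft\Command Processor'; Name = 'AutoRun'; Default = $null }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Command Processor'; Name = 'AutoRun'; Default = $null }
    # Per-user Shell is absent by default; the machine-wide default is explorer.exe.
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Default = $null }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Default = 'explorer.exe' }
)

function Get-RegistryData {
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return $prop.$Name
}

$report = foreach ($c in $checks) {
    $data = Get-RegistryData -Key $c.Key -Name $c.Name
    $status = if ($null -eq $data -and $null -eq $c.Default) {
        'OK (absent)'
    } elseif ($null -ne $c.Default -and "$data".Trim() -ieq $c.Default) {
        'OK (default)'
    } else {
        # Covers %comspec% as Shell, any AutoRun data, or a missing HKLM Shell.
        'REVIEW'
    }
    [pscustomobject]@{ Status = $status; Key = $c.Key; Value = $c.Name; Data = $data }
}

# Full data is shown so a long AutoRun command line is not truncated.
$report | Format-List
```

Run it from PowerShell rather than cmd.exe, since cmd may exit immediately while the AutoRun value is in place; `cmd /d`, mentioned above, starts cmd without processing AutoRun.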

In Powershell, how can I prevent my insert key status from turning to "overwrite" every time I run a command?

First off, I know this is not default behavior. In fact, I've never seen anything like this happen and I'm a long time Powershell user.
I have no problems with the Insert key in any other application. However, in Powershell, its initial state is off, or "overwrite" - which is barely if ever used anymore. When I press Insert to turn it on and run a command, it then turns back off.
This has become overwhelmingly frustrating as I frequently press Up Arrow to go to the previous command to edit it, and find that it's in overwrite mode and it really messes me up.
I googled and found nothing, so I decided screw it, I'm getting a new work PC soon anyhow, so I'll just get in the habit of hitting Insert every time I press Enter. Works fine - until I switch PCs and now at home I've been hitting Insert by habit and driving myself nuts.
This behavior happens in all Powershell windows - 64-bit, inside VSCode, etc.
On demand answer:
Check the InsertMode value in HKCU\Console registry key (and all subkeys). If present, then the value should be 1 for most console prompt-like programs, e.g. as follows (output truncated for brevity: removed Ubuntu and multiple Command Prompt):
^^> reg query HKCU\Console /V InsertMode /S
HKEY_CURRENT_USER\Console
InsertMode REG_DWORD 0x1
HKEY_CURRENT_USER\Console\Command Prompt
InsertMode REG_DWORD 0x1
HKEY_CURRENT_USER\Console\powershell
InsertMode REG_DWORD 0x1
HKEY_CURRENT_USER\Console\Windows PowerShell
InsertMode REG_DWORD 0x1
HKEY_CURRENT_USER\Console\Windows PowerShell (x86)
InsertMode REG_DWORD 0x1
End of search: 9 match(es) found.
You'll probably want to go to the PowerShell properties to make sure that the Insert Mode is checked (set on) at the Options tab.
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\ folder seems to be the right place where the Windows PowerShell.lnk shortcut is used to be saved. However, there could be more PowerShell shortcuts. Check
where.exe /R "%USERPROFILE%" *Powershell*.lnk|findstr /V /C:"Shell ISE"
or even (run from an elevated command prompt)
2>NUL where.exe /R C:\ *Powershell*.lnk|findstr /V /C:"Shell ISE"

Restart explorer when prompt is started as administrator on windows 8 don't work

I need to restart explorer.exe after my application is installed. I'm currently using:
taskkill /f /im explorer.exe
start explorer.exe
That works ok on windows 7, with administrator or standard user, but when I try this on windows 8 as a standard user, the command just kills the explorer and doesn't restart it.
This happens because the command line is called as administrator, even with the standard user. Then the explorer doesn't restart.
Any thoughts about how to solve this?
The code should work but since I'm not using win8 (no thanks) can not diagnose.
But some I can offer.
This may work (time needed to unload some handlers) And double tried with or without start (yes it differs in some software, don't know win8)
taskkill /f /im explorer.exe
timeout 7
start "" explorer.exe
timeout 2
explorer.exe
explorer.exe keeps many handlers, shell stuff etc. One of those can cause trouble. Try also to disable them and test again
If not you can also try reexplorer tool to do the same. Maybe they considered this kind of situations while coding.
All bests

Batch file has errors when run, but enter through command line works fine

I'm helping one of my friends with his QA work. A lot of the time ctfmon.exe is always running in the background and he says it takes up memory on the computer for when he's testing. My friend's work machine is using Windows XP.
He already tried what was said in this article but it didn't help.
http://www.howtogeek.com/howto/windows-vista/what-is-ctfmonexe-and-why-is-it-running/
We then tried to create a simple batch file that would stop the process for him.
Here are the two files that we have
delete_cftmon.reg:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=
Novoice.bat
taskkill /F /IM ctfmon.exe /T
regedit.exe /s delete_cftmon.reg
reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run C:\WINDOWS\system32\ctfmon.exe
rem reg delete [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"
I get the following errors "invalid command line parameters" and "Invalid key name"
When we enter the commands via the command line it works fine.
I believe it has to do with HKEY_CURRENT_USER but I'm not entirely sure why.
Any help would be greatly appreciated.
