Virus or damaged file?

Published on July 6, 2002 By MarkMcQ In WinCustomize Talk

Looking for some info from anyone who has a techy understanding of Win 2K (Looking at you programmer types, hehe).

Yesterday when I booted up into Windows, explorer became EXTREMELY unstable, sometimes running incredibly slow (Taking up to a minute to load explorer windows and whatnot) and in some cases not responding at all.
I started closing stuff down from the taskmanager to see if it helped, and saw a 'cnd.exe' running. I've never had this running before, and closing it seemed to sort the problem out.
I did a search and found it residing in my C drive, and after moving it, my system appears to be back to normal after booting up.

The 'created' date of the file is the same day the probs started, so my question:
Is this a virus, or a file native to 2K that has somehow become corrupted?

Comments

Doreen

on Jul 06, 2002

Well for me when a file goes wiggy and gets corupted on me I search it down, remember the directory I dissected it out from and trash it by going to the CD and searching for the same file and overwriting the messed up one w/ a fresh version again...

go ahead and laugh, I just felt like typing right now... but me always does things my own crazy way whether it makes sense or not and the funny thing is usually the weird stuff works!

anyways always someone around this place that has the right answer I'm just saying hello hippy rabbit!

Doreen

on Jul 06, 2002

Beware: when messing w/ files on your system don't try "weird things" unless you have other computers laying around your house just in case... hehe

don't know why that file looked familiar (thought it to be part of OD but it's not, I just checked my system)

Doreen

on Jul 06, 2002

okay hippy I loaded up my w2K machine and I have no such file like that running in my bg on that machine either so apparently it's not w2K related.
it must be a file that belongs to a program running around lose for no good reason (as do "most" things running in the task manager)

MarkMcQ

on Jul 06, 2002

It's looking very well like a virus, although it didn't set off any bells with my checker.
I'd really love to know what exactly this file is.

migellito

on Jul 06, 2002

i missed you, so i hacked into your system and put it there hippy.. those cables go two ways you know..

pjpowell

on Jul 06, 2002

Sounds like a virus to me. The name is too similar to cmd.exe. Has to have been designed to be passed over on a quick scan through the taskmanager by eye. Have you tried running it through dependency walker. That should show what it's doing (or trying to). Also could try running the sysinternals tools at www.sysinternals.com and see if it's writing to disk or modifying registry etc. If you don't want to risk your PC more than it has been already send me a copy and I'll have a look on my spare machine.

Doreen

on Jul 06, 2002

well I hope you come back and let us know what it was when you find out...
Doreen don't think it is a virus though...

DavidK

on Jul 06, 2002

I checked my win2k box and I don't have that file either... I did have a very similar problem with that machine that I think was related to some corrupted graphics files. It only happened when I was working in Illustrator and then only with a particular job. Trying to open the directory the drawings were stored in would crash the system. I thought I had a virus when it was happening and eventually formatted the drive and reinstalled everything. That fixed it but the graphics files were still hosed.

Good luck Mark... I hope your cure fixes it for good...

Jafo

on Jul 06, 2002

I have a fairly 'clean' install of 2K on another drive...just checked it and in 15,000 files there's no cnd.*....exe, or otherwise.
I'd suggest renaming it and change the extension....do a registry search for any keys relating to it and delete those [back-up first]....and send me a copy and I'll try trashing my system with it....[why not? I do it all the time with weird shells].
If all it's doing is pinching CPU cycles it's more like just a badly written proggy than a virus necessarily...

MarkMcQ

on Jul 06, 2002

Well, it's sitting on my desktop now and my system is running fine, so I'm gonna try finding out what the little bugger is before I delete it for good.
I won't be surprised if it does indeed turn out to be a virus.

UBoB

on Jul 06, 2002

Did a Google search the only program I could find that has a file called cnd.exe was something called "Nordex School". Do you or did you ever have such an app on your system?

MarkMcQ

on Jul 07, 2002

Nope, never had that one installed.

UBoB

on Jul 07, 2002

Didn't think so.

I also found this strange little Japanese site that dealt with internet security. Most of the writing was in Japanese characters so I was lost.....However, under a section entitled "Nimda" they listed a number of files and one was "cnd.exe". I can't say for sure if cnd.exe was part of the nimda virus or was a file that was infected by the nimda virus......if only I could read Japanese.

Just having the cnd.exe file associated with the nimda virus would be enough for me to get rid of it.

UBoB

on Jul 07, 2002

P.S.

This one is a long shot. There is a little game called "Pirates" by Amiga. The "cnd.exe" file can be found when the software is unpacked.

Doreen

on Jul 07, 2002

Doreen still does not think it to be a virus...

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

Richer content, access to many features that are disabled for guests like commenting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!