In windows, the cmd command line is disabled.

Source: Internet
Author: User


1. [HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Windows \ System \ DisableCMD] Background: Has the command prompt been disabled by the System administrator? Many viruses disable CMD in this way. Usage: this is a key value of type REG_DWORD. If this value is not available, CMD can use it when the data is 1 or 2, when you enable CMD, the system prompts "the command prompt has been disabled by the system administrator". When the data is other numbers, CMD can also use www.2cto.com.
Solution: Find this item in the Registration Table editor (regedit.exe) and delete it. You can run the command: reg delete "HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Windows \ System"/v "DisableCMD"/f (of course, since your CMD has been hijacked by images, how can I open it? Enter this command in "run)
2. [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Command Processor \ AutoRun] [HKEY_CURRENT_USER \ Software \ Microsoft \ Command Processor \ AutoRun] Background: This is a self-starting item of CMD. When you open the CMD and batch processing scripts, CMD checks the data of these two key values first. If one or both exist, the data of these two key values will be executed first. Some viruses set this value as their own path so that the user can run the virus body before opening CMD. Www.2cto.com usage: this is a key value of Type REG_SZ, as long as the data is one or more valid commands, CMD will first check HKLM, then HKCU
Solution: Do not double-click or directly add CMD to the command line. Instead, add A/d parameter. cmd will not check the two key values in the Registration Table editor (regedit.exe, set its value to null. You can also delete it from the command line: reg delete "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Command Processor"/v "AutoRun"/f reg delete "HKEY_CURRENT_USER \ Software \ Microsoft \ Command Processor"/v "AutoRun"/f
3. [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ cmd.exe \ debugger] www.2cto.com Background: Image hijacking technology, I believe everyone has heard of it... that is the era of AV terminator. It enables users to open the virus body when they kill software. Since it can also be hijacked, what is the difficulty of a small CMD? Usage: this is a key value of the type REG_SZ. As long as the data is a string of any line (not a null character), the CMD cannot be opened. Instead, the CMD cannot be found. if the data is a valid file path, the file will be opened when CMD is opened.
Solution: Find this item in the Registration Table editor (regedit.exe) and delete it. You can run the command: reg delete "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ cmd.exe"/f author haige18.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.