What is Cmd.exe

Windows Command Processor - Microsoft® Windows® Operating System - Microsoft Corporation

File description

Cmd.exe with description Windows Command Processor is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
The file is digitally signed from Microsoft Windows Component Publisher - Microsoft Timestamping Service
We do not recommend removing digitally signed files from Microsoft Windows Component Publisher

What is cmd.exe?
Cmd.exe is the Windows Command Prompt. It is the Windows equivalent of COMMAND.COM in DOS. The following is a screenshot of the command prompt in Windows XP:



This is a system executable but it does not need to be running and can safely be killed. By killing this process, a command prompt window will be closed and any unsaved data will be lost. Even if you do not use the command prompt, however, do not delete cmd.exe, as your system will encounter problems. The screenshot below illustrates how this process should appear in the task manager:



In the above screenshot, cmd.exe is running as the current user (Mike); it is typically not run as SYSTEM or any other user; however, running as such a user is not necessarily indicative of a malware infection.

Dangers of cmd
As this is a common legitimate process, it is common for virus writers and spyware vendors to disguise their malware as the genuine cmd.exe.

Some malicious files will have the same name as this process but will be stored somewhere other than in %SystemRoot%. Other malware will use a name that appears similar to that of the Command Prompt but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as the Command Prompt:
  • W32/Beaker-B (%SystemRoot%\System32)
    • This is a mass-mailing worm that overwrites your real cmd.exe. You will need to restore cmd.exe from your Windows installation disc.
  • Troj/AdClick-DS (%SystemRoot%\System32\spool)
    • This is a Trojan that can communicate with a remote server.
  • W32/Sdbot-DKJ (%SystemRoot%)
    • This is a worm that includes functionality to communicate with a remote server.
  • W32/Mobler-A (%SystemRoot%\System32\cmd.exe.exe)
There are often multiple instances of this process running at a given time. The presence of multiple instances of this process is not an indicator of a malware infection. Note that this process should not be running if you are not running a command prompt or a command-line application. If it is, your system may be infected with malware.

Common problems
  • Cmd.exe uses 100% CPU time
    • This can be caused by any command line application that may be using 100% of the CPU. This problem is likely not actually related to cmd.exe itself.
  • The Command Prompt crashes
    • This is typically caused by a faulty command line application. Try troubleshooting the application that causes cmd.exe to crash.
  • "The application failed to initialize properly (0xc0000142). Click on OK to terminate the application."
    • This could be caused by insufficient heap space. Ensure that no other processes are out of control with respect to multiplicity (how many there are) and memory usage.

Automatic startup locations

001 Running Processes
002 Autorun registry entries local machine
003 Autorun registry entries Current User
004 All users startup startmenu
005 Current user startup startmenu
006 Start Menu\Programs\Startup
007 Roaming Start Menu\Programs\Startup
008 Autorun registry entries Default user
010 Installed services
011 Installed drivers
012 Autorun registry entries S-1-5-XX users
013 RunOnce registry entries S-1-5-XX users
033 Winlogon Userinit
034 Winlogon Shell
035 Active Setup Installed Components
065 Image File Execution Options (debugger)
073 %windir%\Tasks
074 %windir%\System32\Tasks
135 Current User Runonce (+ subkeys)
136 Local Machine Runonce (+subkeys)
138 Local Machine RunonceEx (+subkeys)
146 AlternateShell
151 HKLM Autorun
163 HKCU Policies\System\Shell
166 HKCU Policies\Explorer\Run
167 HKLM Policies\Explorer\Run
171 Screensaver
192 Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce

Digital signatures found for this file

    Certificate 
71 Microsoft Windows Component Publisher - Microsoft Timestamping Service
41 Microsoft Windows Publisher - VeriSign Time Stamping Services Signer
30 Microsoft Windows - Microsoft Time-Stamp Service
28 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Services Signer
17 Microsoft Windows XP Publisher - VeriSign Time Stamping Service
13 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service
6 Microsoft Windows Publisher - VeriSign Time Stamping Service
5 Microsoft Windows - Microsoft Timestamping Service
5 Microsoft Windows XP Publisher (Europe) - VeriSign Time Stamping Service
3 Microsoft Windows - VeriSign Time Stamping Services Signer
3 Microsoft Windows Component Publisher - VeriSign Time Stamping Services Signer
2 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service
2 Microsoft Windows XP Publisher - VeriSign Time Stamping Services Signer
2 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service CA SW1
2 JP Software - VeriSign Time Stamping Services Signer - G2

MD5 security rating in our database

1909 files (Not yet rated and not signed)
5 files (Not yet rated and digitally signed)
10 files (Safe and not signed)
263 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to cmd.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of cmd.exe: by 2187 files and users.

Application errors

Fix cmd.exe application error:  Run a FREE registry scan

User comments

There are no user comments yet for this file.


Please add your comments if you have more information about this file or if you know how to solve cmd.exe application errors.


File safety :

File security rating :

Are you human? How much is 10+10:


Like this page?

Please support this free service by giving us a Google+1


Browse files by letter

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

More system processes

cmd32.exe cmdagent.exe CmdApl.dll
cmdapp.dll cmdatp.sys CmdBackUp.exe
cmdbcs.exe cmdbcsi.exe CmdBkSvc.exe
cmd-bro-ilx.exe cmd-brontok.exe cmdbs.exe

Lansweeper computer inventory From the creator of Runscanner:

Lansweeper
is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.