This showed up in, of all places, my Windows/Fonts folder recently. It’s in the startup list under MSCONFIG and I just spent the last half an hour trying to get rid of it using MSCONFIG and restarting in safe mode and no matter how many times I tell MSCONFIG NOT to load the startup items and how many times I restart into safe mode and how many times I uncheck the little box next to CMDANTI in the startup list, every time i restart my computer CMDANTi loads itself.
If I leave it go I don’t notice anything different, but eventually it dies and pops up a window saying “CMDANTI.exe has caused an error. CMDANTI.exe will now close.” It immediately restarts itself somehow.
When I try to delete it it says that it is currently in use. When I try to close it using the Task Manager it IMMEDIATELY restarts itself.
A google search on CMDANTI and CMDANTI.EXE came up with nothing. It has no business being in my FONTS folder and I would like either more information on what it is or some way to get rid of the damn thing. Please help.
Nothing on Google, Yahoo! or DogPile. Nothing on McAfee.com or Microsoft.com. About all I can suggest is backign up yoru Registry, then searching out and deleting all Registry keys containing “CMDANTI.EXE”. The use Run > SYSEDIT and check each startup file for “CMDANTI.EXE” and delete or comment out each entry. Also use FIND to see if it’s hiding out in some other directory, too. If you can’t delete it, try restarting in Safe Mode.
I should have noted in the OP that I have already run both SpyBot and AdAware 6 with the latest update files. I’m afraid I don’t know how to do the registry thing you suggested, Q.E.D.
As noted in the OP, I spent HALF AN HOUR trying to delete it by restarting in Safe Mode and it still managed to start itself no matter what I tried, before I even started this thread.
Sorry, I missed that bit. You’ve got a weird one there. Tell you what: start the Registry Editor by using Start > Run > REGEDIT. From the Edit Menu int he editor, click Find and type in CMDANTI.EXE and see if it finds entries for it. If so, we’ll help you back up the registry and delete any keys that reference it. Hopefully that will put an end to it, but I suspect it’s actually being created and launched by an evil parent process that’s probably not showing up in the Task Manager. It’s this process you need to track down, which could be problematic, if Adaware and Spybot can’t find it.
I did what you said, Q.E.D., and it came up with the following:
“Bonden,” btw, is what I named my color printer when I installed it on Saturday. SBC Yahoo! is my dialup internet connection, and the Ulead thing is, according to google, a prompt for me to register my copy of PhotoImpact.
Interesting. There isn’t any “fondiner.com”, but there is a fonTdiner.com. Seems innocuous on teh surface, and I can’t find any reference to installing software or anything like that. It sounds like that entry is in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key. It ought to be safe to delete that one entry from it.
It’s supposed to be fonTdiner. That’s where I downloaded the font from; the CMDANTI was not in that folder when I downloaded the font a year ago. I mistyped when I was writing what I saw in the regedit window.
I thought that might be the case. Anyway, I opened one of the ZIP files they distrubute their fonts on it, and there’s nothing in it but the TTF font file and a READ_ME text file in it. Weird. Sorry, I got nothing.
When something you disable in MSConfig keep coming back, it is often the case that there is a malicious process actually running on the machine while you do it, detecting your ‘interference’ and trying to stop you.
Install SysInternals Process Explorer, use it to track down and kill the malicious process, THEN do the MSConfig thing.
Go to www.webroot.com, click on “downloads” and download the free trial version of SpySweeper… it might catch something that AdAware and Spybot miss. It’s worth a shot.
Go to www.pandasoftware.com, click on “Products”, scroll down to the bottom of the page, and on the left hand side you’ll see an animated link (a computer with a crosshairs moving around over it) to a free online virus scan. Also worth a shot…