PDA

View Full Version : Getting rid of cmdservice. So many answers, which one is the right one?



Injectedlove
2006-10-29, 21:13
Sorry in advance if this is wasting anyones time, but I'm rather concerned..

I've recently (about 3-4 weeks ago) been infected with a rather large virus via MSN Messenger, - no surprise from the source, I know - I recieved it from a friend - mid conversation. It was a "is that you in this picture? >link<" I won't post the link as I wouldn't want anyone else to get it.

It finds all your contacts and without any control it pastes this message repeatedly to all your contacts - unsurprisingly they also get this virus.

I turned my computer off as soon as I realised what was going on.

I spoke to the friend and she gave up trying to clear it completely and went to PC World. Bad move as they wipe your entire computer.

My Dad is a computer expert and so got rid of the majority of it. Only to find it re-installed itself and I kept getting pop-ups that weren't visable but appeared in my history.
This was eventually dealt with, but unfortunately some of my programs won't run properly now and when editting profiles etc on the internet, it won't save, only to go to "No page to display".

Yes I can accept that 'shit happens' and with some of the good (getting rid of the virus) comes some bad (the leftovers of the virus).


I continued with the normal routine of virus scanning, etc with AdAware SE Personal etc, Spybot S&D, Symantec and Trend HouseCall.


Now, to the main point. I've read through many many forums of the 3 remaining bastards on my computer are quite common among other peoples' computers.
Introducing the famous:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdservice

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService


The first one is dealt with but re-appears on a second scan after reboot with Spybot. I realise they could be a positive negative or something but I didn't understand what it meant.

There are many posts about them but I couldn't find a cure anywhere.

I Google'ed these, and came across the forums, I found no cures, so went back to the Google page and found this link:

http://www.bleepingcomputer.com/forums/lofiversion/index.php/t50708.html



Please scroll to the very bottom to see the steps I followed by Buckeye_Sam.

If you do not want to go to the link;

Click Start -> Run -> sc delete cmdService
Click Ok.



Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as fix.reg (set Filetype to "All Files") and save it on your Desktop.

CODEREGEDIT4

[-HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/cmdService]

[-HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/cmdService]

Double click on fix.reg and ok the prompt to merge into the registry.



Reboot your computer. Let me know if Spybot stills comes up with those entries.
___________

I did this and it seemed cured. 'But surely that was too easy?' I asked myself. And to be honest I didn't entirely trust the site.

I returned to the Spybot forums and in the Search tab typed in HKEY_LOCAL .. etc etc /cmdservice

I found this page; http://forums.spybot.info/showthread.php?t=8215

And followed the Steps given by Shaba.

Although, not everything applied to me. The differences were, I didn't have the same to select from HijackThis as this other person did, I only had;

O2 - BHO: (no name) - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - (no file)


I followed the rest, and said to delete some files. I didn't have any of these.

I clicked the Kaspersky Online Scanner link, and scrolled down to "Accept".

Nothing happened and so I have posted. Please help and solve my confusion with this issue?

Many thanks in advance. :)

tashi
2006-10-29, 22:09
Hello.

Please follow the procedure in this link, applying fixes given to another member whose own log has been analysed is not a good idea.

"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D (http://forums.spybot.info/showthread.php?t=288)

Once you have posted the information a helper will take a look as soon as available.

Regards. :)

Injectedlove
2006-10-30, 00:44
Many thanks.

And thanks for the very quick reply, even on the weekend! :bigthumb:

LonnyRJones
2006-11-06, 15:41
Due to lack of responses this thread is closed
If you still need assistance a new log will be needed, send me or Tashi a PM (personal message) and we will re-open it.