"Command Service" malware

[Davka]

This one's a real pain. The machine I'm cleaning belongs to a teenage girl, and it was so infested I would have wiped and started over, but she lost her OS recovery CD, so I'm stuck with a cleanup.

After running AVG, Ad-Aware, Spybot, Hijack This and a few other more obscure programs, I seem to have removed everything but one nasty little persistent critter that Spybot identifies as "Command Service." I turned the service off, disabled it, deleted it, re-ran Spybot in safe mode, and it managed to pull out 2 of the 5 instances of the malware. But Spybot still finds 3 instances, which it cannot remove, even when I allow it to run on reboot.

Any ideas?

-------------------------

BTW - here's a more detailed list of what I've tried so far, just to minimize redundant suggestions:

Programs:

- AVG free (safe mode and standard)
- Ad-Aware (safe mode and standard)
- Adware Away (safe mode and standard)
- Hijack This (doesn't see the file)
- Spybot (safe mode and standard)
- smitRem.exe (safe mode)
- Kaspersky free trial
- TrendMicro online scan (housecall)

Actions:

- Deleted the service via DOS command (sc delete cmdservice)
- Removed all references to command.exe from the registry
- Searched the hard drive for command.exe, including hidden and system files (not found)
- Invoked the hallowed name of Foo Bar while pounding on the keyboard rhythmically

Alas, the computer gods are not smiling on me today.

[Davka]

OK, I fixed it, but it involves a registry hack, so I'm not going to post it here.

Thanks for checking out my post, folks!

[pskelley]

Member fixed the issue, thanks for posting to let us know
As the problem appears to be resolved this topic has been closed.
If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.