Unable to fix "Command Service"
Hi,
I ran spybot and it found 3 problems called "Command Service." It was able to fix one, but the other two were untouchable. It then told me to restart my computer so that spybot could run on startup. After doing this, it again failed to remove the problems.
I'm not experiencing any serious problems with my computer, but is this something that I should be worried about?
I have these as well, haven't tried to Fix them yet...
EDIT: TrojanHunter, spysweeper, a2 all add this registry entry, probably more security apps also.
mchInjDrv (Mad code hook injection driver)
Malware can use it, but if you use any of the above security apps, then it's a false positive.
Last edited by dadkins; 2005-12-03 at 06:06.
I've had this same problem crop up today. Never seen it before, but Spybot keeps showing it to me, even after letting it "fix" the problems (two, in my case). I've used another sweeper as well, which came out negative, and my routine Norton AV sweep also came up negative.Originally Posted by malectro
I'm using Spybot 1.3, and I just updated earlier today; I'm wondering if there was something blinky in the latest detection file, leading to the false positive?
Spysweeper, eh? That just might explain it. But...I've been using Spysweeper in combination with Spybot for at least a year: why a false positive only now?
False positive? I guess I won't worry about it unless something else comes up.
Thanks for the info.
Command Service Trojan
I likewise have found 3 instances of the Command Service trojan. They are located in the registry. 2 of the entries are buried so deep and are in memory that even if I boot in safe mode they cannnot be removed. Does anyone have any ideas on how to eliminate this problem. The software itself seems to disable any popup blocket or is inducing its own popup generator. (I think the latter is what's really happening since all the popups are related to registry clearner and other optimizaing type software - from publishers whose authenticity or at leat ethics is highly questionable)
Any advice on how to go about and resolve this problem.
mmagnotte:
Have you download and run a scan with the latest detection updates (2005-12-16)? There was a false positive for Command Service: Settings starting with the 2005-12-05. See this thread:
- Command Service: mchInjDrv in HKLM:CurrentControlSet
http://forums.spybot.info/showthread.php?t=774
According to thomcats in the following post the false positive(s) appear to have been resolved with the 2005-12-16 updates:
If you have the 2005-12-16 updates (Spybot > Help > About) and are still getting detections for the "Command Service" malware, please run another scan/fix. Then right click on the results list, select "Copy results to clipboard" and paste the clipboard into a new post so that we can see the actual detections that you are getting.
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Just to clarify this a bit, I believe the instances of: "Command Service: mchInjDrv in HKLM:CurrentControlSet" can be a false positive when certain anti-malware applications that also contain these entries are installed. Due to the fact that these couldn't be safely differentiated from the versions included with some malware, Team Spybot made the decision to remove the detection of the mchInjDrv (Mad code hook Injection Driver) from the product.
What this means is that the mchInjDrv component itself won't be detected, but as I understand it, this is simply a support module anyway and has no real mal-intent by itself. The Command Service Product detection(s) still exist in the 12-16-05 update, so the malware components themselves are still detected and removed by Spybot S&D.
Please proceed as requested by md usa spybot fan in his post above to confirm your situation.
<<< Edit >>> fixed detections date, I'm only a month behind.
Last edited by bitman; 2005-12-19 at 00:10.
Still trying to remove command service
I've tried everything to remove command service, ran in safemode (could not remove) ran hijackthis and cwshredder.exe and couldn't find the files, only spybot seems to be able to detect this, yes i do have the latest updates (12/16/05). I have also tried going into registry to delete the directories but it would not let me. This is really frustrating here is the log:
--- Search result list ---
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
I've went into the controlset001 and the other controlset yet i cannot remove it for the life of me. Please comment and help!
j
My roommate's computer is having the same problem. Command service keeps showing up as spyware, but Spybot can never remove it.
Additionally, all sorts of "CoolWWWSearch" type stuff keeps showing up. His home page keeps getting taken over and being changed to "About:blank". Changing it back only works for the one time you have that browser open. Close it, and the homepage resets to "about:blank".
He's also receiving popups and security garbage from "Spyfighter." In fact, when I try to uninstall the "homepage" (it has a link for it in the top right), I'm taken to a page trying to sell me "Spyfighter".
Finally, I've run Spybot three times while typing this. Despite only being on this page, Spybot keeps finding the "Coolwwwsearch" over and over. I'm told it's successfully removing the items, but the very next scan "Coolwwwsearch" items show up again.
Last edited by ardent enthusiast; 2005-12-19 at 20:35.
Posting Permissions
Reply With Quote