Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 24

Thread: Unable to fix "Command Service"

  1. #11
    Member rene's Avatar
    Join Date
    Oct 2005
    Posts
    38

    Default

    Hello,

    when I added the detection I could delete it in Safe Mode. Do you have administrative rights? Let Spybot scan on startup in Safe Mode and try to fix the command service.
    Also have a look in the windows\system32 directory. There has to be a randomized directory where the command.exe is located in. Please also delete it in safe mode.

    @ardent enthusiast. And your roommate has the latest version of Spybot S&D 1.4?

    As a first solution, please upgrade your copy of Spybot-S&D to make sure you're not refering to a problem that was solved recently.
    Spybot-S&D 1.4 is available. If you are using 1.3 or older, please download and install this new version.
    You will find links to several download locations on our web site:
    http://www.safer-networking.org/en/mirrors/index.html
    Please do also update the new version as it might not contain all current detection rules.

    If this doesn´t solve the problem please send us your *complete* Spybot bug report: Therefore enter Spybot-S&D, let it scan, try to fix the problems (!) and then go to "Tools/View Report". Tick on all the 10 checkboxes (leave "Do not report disabled or known legitimate items" unchecked) you can find there and click on "View Report". Now choose "Export" and save the file to your desktop. Then attach it to your email and send it again to detections(at) spybot.info.
    rene

  2. #12
    Junior Member
    Join Date
    Dec 2005
    Posts
    1

    Default

    Quote Originally Posted by ardent enthusiast
    My roommate's computer is having the same problem. Command service keeps showing up as spyware, but Spybot can never remove it.

    Additionally, all sorts of "CoolWWWSearch" type stuff keeps showing up. His home page keeps getting taken over and being changed to "About:blank". Changing it back only works for the one time you have that browser open. Close it, and the homepage resets to "about:blank".

    He's also receiving popups and security garbage from "Spyfighter." In fact, when I try to uninstall the "homepage" (it has a link for it in the top right), I'm taken to a page trying to sell me "Spyfighter".

    Finally, I've run Spybot three times while typing this. Despite only being on this page, Spybot keeps finding the "Coolwwwsearch" over and over. I'm told it's successfully removing the items, but the very next scan "Coolwwwsearch" items show up again.
    i have the same problem too did you every find a way to fix it?

  3. #13
    Junior Member
    Join Date
    Dec 2005
    Posts
    2

    Default

    Quote Originally Posted by rene
    Hello,

    when I added the detection I could delete it in Safe Mode. Do you have administrative rights? Let Spybot scan on startup in Safe Mode and try to fix the command service.
    Also have a look in the windows\system32 directory. There has to be a randomized directory where the command.exe is located in. Please also delete it in safe mode.

    @ardent enthusiast. And your roommate has the latest version of Spybot S&D 1.4?

    rene
    I have him up and running now. SpyBot definitely helped, and it was S&D 1.4. Unfortunately for my poor roommate, he had never really scanned his computer for viruses. I downloaded McAfee for him and we found quite a few infected files.

    We're just about all clean now. SpyBot doesn't find anything at all, McAfee says we're clean, but SpyFighter continues to pop up. It's interesting to say the least. His Windows security center starts to flash saying something along the lines of "there may be viruses on your computer" and to click it. When it's clicked it tries to take you to spyfighter.com.

    Additionally, when he's away from the computer for a while, he'll come back to a "Warning: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords. Do you want to learn how to protect your computer?"

    Again, it takes him to the spyfighter.com thing. The browser it brings up "looks" legit. It looks like a standard help file. I'm a little puzzled on how to remove that from the computer.

  4. #14
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello ardent enthusiast.

    Re: Spyfighter: rogue_anti-spyware
    His Windows security center starts to flash saying something along the lines of "there may be viruses on your computer" and to click it. When it's clicked it tries to take you to spyfighter.com.
    Sounds like a hijack but best way to find out is for you to do the following:

    Please go here and follow instructions.
    Before you post a log

    Start a topic here:
    Malware Forum

    Someone will then take a look at the system and advise you as soon as a helper is available to do so.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #15
    Member
    Join Date
    Jul 2006
    Posts
    30

    Default Updates yet?

    Hey folkz, first time posting...I'm a game artist in training and I have the cmd service issue as well...I'm using 1.4 version from the download.com site...I'm currently in a hurry so are there newer updates?
    Thnx

  6. #16
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Pliang

    There are usualy more malware involved, Post logs in our malware section please.

    On a side note, SSD can fix command service fine, provided Ad-aware hasnt been ran first, what it leaves behind is just an empty key with modified permision's but sure alarms most people.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  7. #17
    Member
    Join Date
    Jul 2006
    Posts
    30

    Default Logs

    Logs as in the scan results and removal results?

  8. #18
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello

    Follow the instructions in this sticky topic:
    BEFORE you post and who will advise you. Preliminary Steps

    Start your own topic here:
    Malware Forum
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #19
    Junior Member
    Join Date
    Sep 2006
    Posts
    2

    Default How I did it

    Alright, I had command service on my computer forever, and I didn't really bother to kill it cause it wasn't doing much, but me being a neat freak eventually decided that it was high time I killed it. This worked for me and if it doesn't work for you then don't complain to me. Also, here's a huge precaution, if you don't trust this information then don't touch it, I have no responsability on your PC, I'll give you my word though, I don't use virus removal software because I do it manually, and have been doing it manually for many years. Anyways..
    Removed:

    It turns out that the command service makes many many randomized entities in your registry. This is why nothing seems to be able to pick up on it and kill it, except for some of the more advanced spyware removers. Anyways, I used this method after doing some tinkering around so I don't know if that tinkering requires to be done before hand all I know is that my spyware detection software doesn't see it anymore, only immediately after I did the above steps. If you think you need to perform a pre-step to my above steps then:
    Removed

    If this worked extreamely well for you then do yourself a favor and delete all of the retarded anti spyware/virus software. Because virus hunting manually frees up RAM for more important things like oblivion or half-life 2. I just use detection software so I don't have to spend 2 hours everyday looking over my system32 folder and what not. Also, if you're having trouble removing things that are in you system32 folder, don't be afraid to use your LEGAL COPY of windows xp cd and boot your computer on the cd, then use the recovery console to gain ultimate cosmic power over your system32 folder. But very much like playing god you better know what your doing or you might find your computer not able to load windows. lol
    Last edited by tashi; 2006-09-04 at 18:28. Reason: Removed member's instructions

  10. #20
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Quote Originally Posted by KannedFarU View Post
    If this worked extreamely well for you then do yourself a favor and delete all of the retarded anti spyware/virus software.
    You think?
    So how did I get infected in the first place? By Tony Klein


    Quote Originally Posted by KannedFarU View Post
    But very much like playing god you better know what your doing or you might find your computer not able to load windows. lol
    We have this sticky topic BEFORE you post and who will advise you. Preliminary Steps which I linked to above and which states:

    Only authorized helpers may assist in the removal of malware.
    Helpers, Warriors, Experts and Team Spybot.
    For good reason.

    Indeed we do our best to assist in the safe removal of malware and avoid anyone having to re-install Windows.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •