command service persistent [Re-Opened]

ayumpari · Dec 21, 2006

ren-cmdservice log

Running from C:\Documents and Settings\ONE RIVER\Desktop\ren-cmdservice
No Image Path Listed in Registry

-----------------
Deleting cmdservice key
cmdservice key deleted
..
-----------------
Commandline utilities (SWReg and SWSC)
Written by Bobbi Flekman © 2005
-----------------
Finised, Post this text then
Please Restart your PC
ren-cmdservice.bat edited 6-25-2006
-----------------

ayumpari · Dec 21, 2006

counterspy okey dokey!!!!!!!

Counter Spy says we"re all good!!!!!!!!:bigthumb:
awesome

Spyware Scan Details
Start Date: 12/20/2006 4:04:56 PM
End Date: 12/20/2006 5:03:52 PM
Total Time: 58 mins 56 secs

Detected spyware

Desktop Weather Potentially Unwanted Program more information...
Status: Ignored

Infected files detected
c:\documents and settings\all users\start menu\programs\the weather channel\desktop weather\help.lnk
c:\documents and settings\all users\start menu\programs\the weather channel\desktop weather\settings.lnk
c:\documents and settings\all users\start menu\programs\the weather channel\desktop weather\the weather channel desktop.lnk
c:\documents and settings\all users\start menu\programs\the weather channel\desktop weather\uninstall.lnk
c:\program files\the weather channel fw\desktop weather\app.swf
c:\program files\the weather channel fw\desktop weather\config\defaults\ads.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\app.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\cobrand.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\dimms.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\divs.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\forcast.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\links.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\nav.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\screens.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\version.bin
c:\program files\the weather channel fw\desktop weather\config\defaults\vertical.bin
c:\program files\the weather channel fw\desktop weather\config\settings.bin
c:\program files\the weather channel fw\desktop weather\desktopweather.exe
c:\program files\the weather channel fw\desktop weather\eula.html
c:\program files\the weather channel fw\desktop weather\install.log
c:\program files\the weather channel fw\desktop weather\lib\app_elements\logo_loader.bin
c:\program files\the weather channel fw\desktop weather\lib\businessgraphicmax.bin
c:\program files\the weather channel fw\desktop weather\lib\connection.bin
c:\program files\the weather channel fw\desktop weather\lib\drivinggraphicmax.bin
c:\program files\the weather channel fw\desktop weather\lib\fitnessgraphicmax.bin
c:\program files\the weather channel fw\desktop weather\lib\flvplayer.bin
c:\program files\the weather channel fw\desktop weather\lib\forecast\cc.bin
c:\program files\the weather channel fw\desktop weather\lib\forecast\detailed.bin
c:\program files\the weather channel fw\desktop weather\lib\forecast\hourly.bin
c:\program files\the weather channel fw\desktop weather\lib\forecast\oneclickcc.bin
c:\program files\the weather channel fw\desktop weather\lib\forecast\tendayforecast.bin
c:\program files\the weather channel fw\desktop weather\lib\forecast\threedayforecast.bin
c:\program files\the weather channel fw\desktop weather\lib\forecastpagetabs.bin
c:\program files\the weather channel fw\desktop weather\lib\golfgraphicmax.bin
c:\program files\the weather channel fw\desktop weather\lib\homepagetabs.bin
c:\program files\the weather channel fw\desktop weather\lib\homepagetabs_f.bin
c:\program files\the weather channel fw\desktop weather\lib\homepagetabs_p.bin
c:\program files\the weather channel fw\desktop weather\lib\instby_module.bin
c:\program files\the weather channel fw\desktop weather\lib\loaction_display.bin
c:\program files\the weather channel fw\desktop weather\lib\locmanagermod.bin
c:\program files\the weather channel fw\desktop weather\lib\maps\maxradarhomemod.bin
c:\program files\the weather channel fw\desktop weather\lib\maps\maxradarscreen.bin
c:\program files\the weather channel fw\desktop weather\lib\maps\radarandmapsmod.bin
c:\program files\the weather channel fw\desktop weather\lib\maps\sixhundredmileradar.bin
c:\program files\the weather channel fw\desktop weather\lib\maxprefsscreen.bin
c:\program files\the weather channel fw\desktop weather\lib\nav\mainnavmodule.bin
c:\program files\the weather channel fw\desktop weather\lib\nav\nav_top_right.bin
c:\program files\the weather channel fw\desktop weather\lib\nav\vertical_nav.bin
c:\program files\the weather channel fw\desktop weather\lib\photo.bin
c:\program files\the weather channel fw\desktop weather\lib\pollengraphicmax.bin
c:\program files\the weather channel fw\desktop weather\lib\promo.bin
c:\program files\the weather channel fw\desktop weather\lib\promo_p.bin
c:\program files\the weather channel fw\desktop weather\lib\searchbarmod.bin
c:\program files\the weather channel fw\desktop weather\lib\severeweatherscreen.bin
c:\program files\the weather channel fw\desktop weather\lib\side_barmodule.bin
c:\program files\the weather channel fw\desktop weather\lib\verticalselectorscreenmod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\businesstravelermod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\businesstravelerscreenmod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\drivinghomemod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\drivingscreenmod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\fitnesshomemod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\fitnessscreenmod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\golfhomemod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\golfscreenmod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\pollenhomemod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\pollenscreenmod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\traffichomemod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\trafficscreenmod.bin
c:\program files\the weather channel fw\desktop weather\lib\verticles\weatherhomemod.bin
c:\program files\the weather channel fw\desktop weather\lib\videotabmod.bin
c:\program files\the weather channel fw\desktop weather\noinet_300x250.gif
c:\program files\the weather channel fw\desktop weather\noinet_728x90.gif
c:\program files\the weather channel fw\desktop weather\swfs\graphics\ad_f.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\bkg_f.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\bkg_p.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\border_f.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\border_p.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\homepage_line_f.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\homepage_line_p.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\nav_bar_border_f.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\nav_bar_border_p.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\nav_bar_f.swf
c:\program files\the weather channel fw\desktop weather\swfs\graphics\nav_bar_p.swf
c:\program files\the weather channel fw\desktop weather\swfs\thunderclap.mp3
c:\program files\the weather channel fw\desktop weather\swfs\verticals\businesstravelerv.swf
c:\program files\the weather channel fw\desktop weather\swfs\verticals\drivingv.swf
c:\program files\the weather channel fw\desktop weather\swfs\verticals\fitnessv.swf
c:\program files\the weather channel fw\desktop weather\swfs\verticals\golfv.swf
c:\program files\the weather channel fw\desktop weather\swfs\verticals\newsv.swf
c:\program files\the weather channel fw\desktop weather\swfs\verticals\pollenv.swf
c:\program files\the weather channel fw\desktop weather\swfs\verticals\trafficv.swf
c:\program files\the weather channel fw\desktop weather\swfs\verticals\weatherv.swf
c:\program files\the weather channel fw\desktop weather\theweatherchannelcustomuninstall.exe
c:\program files\the weather channel fw\desktop weather\uninstall.bat
c:\program files\the weather channel fw\desktop weather\unwise.exe
c:\program files\the weather channel fw\desktop weather\unwise.ini
c:\program files\the weather channel fw\framework\flow.xml
c:\program files\the weather channel fw\framework\install.log
c:\program files\the weather channel fw\framework\theweatherchannelne.exe
c:\program files\the weather channel fw\framework\theweatherchannelqc.exe
c:\program files\the weather channel fw\framework\theweatherchannelqx.exe
c:\program files\the weather channel fw\framework\theweatherchannelsetup.exe
c:\program files\the weather channel fw\framework\theweatherchannelslnchr.exe
c:\program files\the weather channel fw\framework\theweatherchannelupdate.exe
c:\program files\the weather channel fw\framework\uninstall.bat
c:\program files\the weather channel fw\framework\unwise.exe
c:\program files\the weather channel fw\framework\unwise.ini
c:\program files\the weather channel fw\framework\ver.txt
c:\program files\the weather channel fw\framework\wiseinstallutility.dll
c:\program files\the weather channel fw\framework\wxcache\ac.dat
c:\program files\the weather channel fw\framework\wxcache\actimes.rfsh
c:\program files\the weather channel fw\framework\wxfw.cpl
c:\program files\the weather channel fw\framework\wxfw.dll
C:\Program Files\Common Files\Real\Update_OB\~Upg0\weatherapp\The_Weather_Channel_Application.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services DisplayName Weather Services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services UninstallString C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework\Components\{19916D47-F66E-4a24-A6EE-6304A562DE7B} InstallDir C:\PROGRA~1\THEWEA~1\Framework
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework\Components\{19916D47-F66E-4a24-A6EE-6304A562DE7B} an wxfw.cpl
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework\Components\{19916D47-F66E-4a24-A6EE-6304A562DE7B} setupprodcode UP100
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework\Components\{44F2FEB1-1437-417e-9836-5D7CDEF3EF6E} InstallDir C:\Program Files\The Weather Channel FW\Framework
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework\Components\{44F2FEB1-1437-417e-9836-5D7CDEF3EF6E} an TheWeatherChannelUpdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework\Components\{90B9F4E5-6F3C-477e-841B-797A53500F73}\ComponentData flowver 30
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework\Components\{90B9F4E5-6F3C-477e-841B-797A53500F73}\ComponentData setupver 26
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework\Components\{90B9F4E5-6F3C-477e-841B-797A53500F73} InstallDir C:\Program Files\The Weather Channel FW\Framework
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework\Components\{90B9F4E5-6F3C-477e-841B-797A53500F73} an TheWeatherChannelSlnchr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework InstallDir C:\Program Files\The Weather Channel FW\Framework
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework Version 20102
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework un UNWISE.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\The Weather Channel\Framework proxy F
HKEY_CURRENT_USER\Software\The Weather Channel
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621}\AppData swat 0
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621}\AppData opt4pref 1
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621}\AppData startMode MX
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} InstBy real
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} cobrand real
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} setupfocus
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} InstallDir C:\Program Files\The Weather Channel FW\Desktop Weather
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} Version 50103
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} an DesktopWeather.exe
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} dn Desktop Weather
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} hb dw4xxmutex
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} mn dw4xxmutex
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} HTMLEulaName eula.html
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} HTMLHelpName help.html
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} un TheWeatherChannelCustomUninstall.exe
HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} setupprodcode DW5
HKEY_CURRENT_USER\Software\The Weather Channel\Framework\UserProfile\DisplayPrefs distance M
HKEY_CURRENT_USER\Software\The Weather Channel\Framework\UserProfile\DisplayPrefs notifications 7
HKEY_CURRENT_USER\Software\The Weather Channel\Framework\UserProfile\DisplayPrefs precipitation I
HKEY_CURRENT_USER\Software\The Weather Channel\Framework\UserProfile\DisplayPrefs pressure I
HKEY_CURRENT_USER\Software\The Weather Channel\Framework\UserProfile\DisplayPrefs temperature F
HKEY_CURRENT_USER\Software\The Weather Channel\Framework\UserProfile\DisplayPrefs windspeed M
HKEY_CURRENT_USER\Software\The Weather Channel InstallID 1023121035
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop DisplayName The Weather Channel Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop UninstallString C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe

Mr_JAk3 · Dec 21, 2006

Ok good, it is looking clean now

The computer is running fine ?

You can enable CounterSpy again.

Now you can clean AVG's Quarantine:

Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program

You can remove the tools we used.

Then you should update your Java to the latest version (6.0)

[*]Start
[*]Control Panel
[*]Add/Remove Programs
Delete the old Java, J2SE Runtime Environment 5.0 Update 9
Download the latest version of Java Runtime Environment (JRE) 6.0.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it

Now you can make your hidden files hidden again.

Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:

Clear your system restore
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware
Update it and scan your computer regularly with it.
Use Spybot S&D
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file
This prevents your computer from connecting to harmful sites.
Use Firefox browser
Firefox is faster, safer and better browser than Internet Explorer.
Keep your systen up-to-date
Visit Windows Update regularly.
Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.
Read this article by TonyKlein
So how did I get infected in the first place?
Stand Up and Be Counted !
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Stay clean and be safe

Mr_JAk3 · Dec 26, 2006

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb:

command service persistent [Re-Opened]

ayumpari

New member

ayumpari

New member

Mr_JAk3

Security Expert-Emeritus

Mr_JAk3

Security Expert-Emeritus