Welcome Guest ( Log In | Register )

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

 stubborn spyware, cannot remove

views
     
eXPeri3nc3
post Feb 11 2007, 09:23 PM

It's coming! 3ɔu3ıɹǝdxǝ ♥
*******
Senior Member
9,257 posts

Joined: Aug 2005
From: Not so sure myself Status: 1+3+3=7
QUOTE(achok @ Feb 11 2007, 05:59 PM)
hi all,

actually this malware haunted me long enuff. i still cant clean it up.

icon_question.gif

--- Search result list ---
Command Service: Settings (Registry key, fixing failed)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, fixing failed)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Settings (Registry key, fixed)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
*
Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

QUOTE
REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
Save this as fix.reg Choose to "Save type as - All Files"
It should look like this: user posted image
Double click on fix.reg & allow it to merge into the registry.
Restart your computer.

QUOTE(mentos @ Feb 11 2007, 08:49 PM)
juz reformat your PC
*
piss off I can say

Added on February 11, 2007, 9:25 pmIf the registry fix fails to remove it, please post a HJT log in your next reply.

This post has been edited by eXPeri3nc3: Feb 11 2007, 09:25 PM
eXPeri3nc3
post Feb 12 2007, 10:14 PM

It's coming! 3ɔu3ıɹǝdxǝ ♥
*******
Senior Member
9,257 posts

Joined: Aug 2005
From: Not so sure myself Status: 1+3+3=7
Here's the registry fix, double click on it and let it merge into registry.
Reboot and see if it still exist or not.

BTW, UGPM the zip password.

[attachmentid=193979]
eXPeri3nc3
post Feb 14 2007, 04:52 PM

It's coming! 3ɔu3ıɹǝdxǝ ♥
*******
Senior Member
9,257 posts

Joined: Aug 2005
From: Not so sure myself Status: 1+3+3=7
Please download HijackThis . This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\ Run a scan and save the log file. Do not fix anything in HijackThis since they may be harmless. Make sure to include the System information at the top of the log as well.

Please post a fresh HJT log in your next reply.
eXPeri3nc3
post Feb 21 2007, 11:37 AM

It's coming! 3ɔu3ıɹǝdxǝ ♥
*******
Senior Member
9,257 posts

Joined: Aug 2005
From: Not so sure myself Status: 1+3+3=7
Fix the following entries in HJT

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

« Next Oldest · Security & Privacy · Next Newest »
 

Add ReplyOptions
 

Change to:
| Lo-Fi Version
 0.0149sec    0.67    6 queries    GZIP Disabled
Time is now: 24th December 2025 - 09:44 AM
All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)
Removal Request
Powered by Invision Power Board © 2025  IPS, Inc.