Command Service & Smitfraud

Status
Not open for further replies.

handsomehary

I need help with these two problems. I have checked elsewhere and they tell me that HijackThis says there are no problems, but when I scan with Spybot and Ad-Aware it says my problems are still here. I think I have used every program out there to get rid of it, so I am looking for some real good advice. Here is my HJT file.
 
Hello and welcome to Techspot.

Go HERE and follow the instructions exactly.

Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above. See HERE for instructions.

Regards Howard :wave: :wave:

This thread is for the use of handsomehary only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
HJT LOG files

Here are my log files. Ewido doesn't show anything on a scan and neither does AVG, but Spybot and Ad-Aware both show Registry infections.
 
I have merged your new thread into this one. Please don't open any more threads for this. Thanks.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)

Click on the fix checked button.

Close HJT.

Other than the above inactive entry, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Still have the same problem.

Spybot says I still have the Smitfraud-C.Toolbar888 and Command Service still in my Registry. And they cannot be deleted by normal means. Smitfraud has one entry in my registry and Command Service has three, one of which can be deleted but comes back after being deleted.
 
All I can suggest is you run Spybot and Ad-Aware from safe mode. Delete whatever they find; this includes anything in quarantine.

I can't see anything nasty in your HJT log.

If the Smitfraudfix doesn't find anything, and you're not getting any popups, I don't see what else we can do.

Regards Howard :)
 
Smitfraud

OK Well thanks for trying. I have run spybot from Safe and it cannot delete. Thanks for trying. BTW this is what Spybot says.
Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Smitfraud-C.Toolbar888: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
 
Try this.

Please download delcmdservice (by Marckie), and save it to your Desktop.

Unzip the content to your Desktop (a folder named delcmdservice)
Double-click on the delcmdservice folder
Double-click on delreg.bat to launch the tool
When the tool has finished, please reboot your computer
Once rebooted, please scan and let me know if it was successful.

Regards Howard :)
 
Scan Results of Spybot and delcmdservice

That cured part of my problem; now all I have is the Smitfraud.

-- Search result list ---
Smitfraud-C.Toolbar888: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
 
Download the Ccleaner programme from HERE.

Run the programme and make sure all the boxes are ticked under the Windows and Applications tabs. Click the run cleaner button with no browsers open. Do this several times. Click on issues, then the scan for issues button. Click the fix selected issues button, followed by the fix all selected issues button. Do this several times, until no more issues are found.

Go to add remove programme in your control panel and uninstall anything to do with (if there).

Toolbar888

Close control panel.

Go to C:\program files and delete the Toolbar888 folder (if there).

Download and install the latest version of SS&D from HERE. Make sure you have the latest definition files. Click the immunize button in the lefthand pane, then click the green immunize cross in the righthand pane.

Do a full scan and fix whatever it finds. Click the recovery button in the lefthand pane and click the purge button in the righthand pane.

Close SS&D.

Run SS&D again and see if it still finds the Smitfraud-C Toolbar888 entry.

Regards Howard :)

 
ActiveX problem

CCleaner says it is an ActiveX problem. InProcServer32 C:\WinNT\system32\mljhhif.dll, and I can't find it and it won't let me delete it in the registry.
 
Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

This is the filepath you need to enter into Killbox.

C:\WinNT\system32\mljhhif.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Please let me know the outcome.

Regards Howard :)

 
mljhhif.dll File is gone

File is gone but it still will not allow me to delete the registry. That WinAntiVirusPro keeps installing a Cookie.
 
Have HJT fix these two entries.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

Click the fix checked button and close HJT.

Download and run this TOOL.

See if that helps. If not, go HERE, download and run all four tools. Run each tool from safe mode.

Let me know the outcome please.

Regards Howard :)

 
Same results

WinAntiVirusPro Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}

I tried everything in safe mode and Adaware says I still have it. Maybe I just have to live with the Winantivirus problem for the time being. I think we have tried everything or just about everything.
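
An added example, not part of any post in this thread: a short Python script that parses the Spybot and Ad-Aware results quoted above and groups detections by registry key, which shows that Spybot's Smitfraud-C.Toolbar888 entry and Ad-Aware's WinAntiVirusPro entry point at the same CLSID key once case is normalized. The function names are hypothetical and the sample text is copied from the scanner output in the posts.

```python
import re
from collections import defaultdict
# Sample input: scanner output copied from the posts in this thread.
SPYBOT = r"""Command Service: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Smitfraud-C.Toolbar888: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
"""
ADAWARE = r"""WinAntiVirusPro Object Recognized!
Type : Regkey
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}
"""

def normalize(key):
    # Registry key names are case-insensitive, so compare them upper-cased.
    return key.strip().rstrip("\\").upper()

def parse_spybot(text):
    # A finding is a "Name: Kind (Registry key, status)" line followed by the key.
    lines = [l.strip() for l in text.splitlines()]
    for head, key in zip(lines, lines[1:]):
        m = re.match(r"(.+?): .+\(Registry key, .+\)$", head)
        if m and key.upper().startswith("HKEY_"):
            yield "Spybot", m.group(1), normalize(key)

def parse_adaware(text):
    # A finding is a "<name> Object Recognized!" line followed by "Field : value" lines.
    name, fields = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.endswith("Object Recognized!"):
            name, fields = line[:-len("Object Recognized!")].strip(), {}
        elif name and ":" in line:
            k, v = (p.strip() for p in line.split(":", 1))
            fields[k] = v
            if fields.get("Type") == "Regkey" and {"Rootkey", "Object"} <= fields.keys():
                yield "Ad-Aware", name, normalize(fields["Rootkey"] + "\\" + fields["Object"])
                name = None

def correlate(*streams):
    # Map each normalized key to the sorted (tool, detection name) pairs that flagged it.
    by_key = defaultdict(set)
    for stream in streams:
        for tool, name, key in stream:
            by_key[key].add((tool, name))
    return {k: sorted(v) for k, v in by_key.items()}

def flagged_by_several(by_key):
    return {k: v for k, v in by_key.items() if len({t for t, _ in v}) > 1}
```

Calling `flagged_by_several(correlate(parse_spybot(SPYBOT), parse_adaware(ADAWARE)))` returns the single CLSID key with both tools' names for it.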
 
It seems that Ad-Aware is having a few problems with false positives at the moment. More info is available HERE and HERE. I'm not saying this is definitely true in your case, but it might be.

Regards Howard :)
 
Problems

I am not doubting that Ad-Aware might be having problems, but my problem is being detected by Ad-Aware, Spybot, and CCleaner, so I think whatever my problem is I don't think it is because of False Positives. I guess I will just have to live with it for the time being.
Thanks for the help, I do appreciate you taking the time to help me.

Jim
 
It wouldn't hurt to be more specific with your post. Also this post looks related to one of your other threads in the forum. Please use your other thread for help.

Thread closed.
 