
BigPoppa44

join:2005-08-08
Washington, NC

Spybot detects "Command Service" as malware

I updated Spybot S&D 1.4 and ran it today and it detected "Command Service" malware as 2 entries in the registry. Does anyone know if this is legitimate malware and what is it? I used "Spyware Guide" and tried to look it up but it came back as nothing found.


Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
kudos:1

What are the reg entries?
--
Best Regards
Vampirefo



gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1

reply to BigPoppa44
Could refer to the resource kit tools "Rcmdsvc.exe" (server end, service) and "rcmd.exe" (client end, command line app)?

It's a server for remotely running command line programs. Obviously, that can create some issues. But it's not "malware", just something that can be abused to run malware, given the right set of circumstances...
--
Semper Eadem

Come all without, come all within,
You'll not see nothing like the mighty Quinn.



no

@comcast.net

reply to BigPoppa44
I got the same thing today and well I deleted the registry entries. Is this a false positive? :(



Jimbo40
Premium
join:2001-01-07
New York, NY

reply to BigPoppa44
same here



no

@comcast.net

reply to BigPoppa44
Well, I thought I was alone on this issue. :(



no

@comcast.net

reply to BigPoppa44
Here is my Spybot log of the fixed registry:

--- Report generated: 2005-12-02 16:45 ---

Command Service: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv

Command Service: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv

Command Service: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv



Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
kudos:1

TrojanHunter, spysweeper, a2 all add this registry entry, probably more security apps also.
mchInjDrv (Mad code hook injection driver)
Malware can use it, but if you use any of the above security apps, then it's a false positive.
--
Best Regards
Vampirefo



CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX

Yep Vampirefo is right on the money. One piece of malware that does use it though is this one: information on command.exe aka the Buddy trojan.
--
Lost in Texas



no

@comcast.net

reply to Vampirefo
So it's a false positive right?



Spy
Premium
join:2001-09-22
NE

Absolutely.


BigPoppa44

join:2005-08-08
Washington, NC

reply to Vampirefo
Vampirefo, Thanks for the info. I run Spysweeper V4.5 and A squared V1.6. I'm glad to know that it's a false positive for me.
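
Vampirefo's point above is that the `mchInjDrv` key is dual-use, so the useful check before "fixing" it is to see which file the key points at and who signed it. The read-only sketch below is an added example, not something posted by anyone in this thread. It assumes a system with PowerShell; the key paths come from the Spybot report above, and the helper name `Resolve-DriverPath` is hypothetical.

```powershell
# Added example: read-only triage of the mchInjDrv service key flagged by Spybot.
# Only the service name and key layout come from the thread; the rest is assumed.
$serviceName = 'mchInjDrv'

function Resolve-DriverPath {
    # Turn a service ImagePath value into an ordinary file system path.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''                              # strip NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')   # \SystemRoot\...
    if ($p -notmatch '^[A-Za-z]:\\') {                            # e.g. system32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

# CurrentControlSet is an alias of one ControlSetNNN, so several hits in a
# scanner log can describe the same service definition.
$keys = Get-ChildItem 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
    ForEach-Object { "HKLM:\SYSTEM\$($_.PSChildName)\Services\$serviceName" } |
    Where-Object { Test-Path -LiteralPath $_ }

$report = foreach ($key in $keys) {
    $svc    = Get-ItemProperty -LiteralPath $key
    $file   = Resolve-DriverPath $svc.ImagePath
    $onDisk = $file -and (Test-Path -LiteralPath $file -PathType Leaf)
    $sig    = if ($onDisk) { Get-AuthenticodeSignature -LiteralPath $file } else { $null }

    [pscustomobject]@{
        Key          = $key
        ImagePath    = $svc.ImagePath
        ResolvedFile = $file
        FileExists   = [bool]$onDisk
        Signature    = if ($sig) { $sig.Status } else { 'n/a' }
        Signer       = if ($sig -and $sig.SignerCertificate) {
                           $sig.SignerCertificate.Subject
                       } else { 'n/a' }
    }
}

if ($report) { $report | Format-List }
else         { "No $serviceName service key found in any control set." }
```

The script changes nothing. Compare the resolved file's folder and signer with the security products actually installed on the machine before deciding whether the detection is a false positive.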

