Threat behavior
Adware.cmdService runs as a Windows service and displays pop-up ads on your desktop when you browse the Internet. Adware.cmdService may also change the homepage and default search engine used by the browser, cause conflicts with other programs running on the computer, and may self-update without seeking explicit consent from the user.
Adds the following registry keys:
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Drops the following files:
command.exe
%windir%\amfpbwu\asappsrv.dll
%windir%\amfpbwu\uaidvqo.vbs
Prevention
Follow these general security tips to better protect your system:
Enable a firewall on your computer.
Get the latest computer updates.
Run an up-to-date scanning and removal tool.
Use caution with attachments and file transfers.
Enable a firewall on your computer
Use a third-party firewall product or turn on the Microsoft Windows XP Internet Connection Firewall.
To turn on the Internet Connection Firewall in Windows XP
Click Start, and click Control Panel.
Click Network and Internet Connections. If you do not see Network and Internet Connections, click Switch to Category View.
Click Change Windows Firewall Settings.
Select On.
Click OK.
Get the latest computer updates
Updates help protect your computer from viruses, worms, and other threats as they are discovered. You can use the Automatic Updates feature in Microsoft Windows XP to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
To turn on Automatic Updates in Windows XP
Click Start, and click Control Panel.
Click Performance and Maintenance. If you do not see Performance and Maintenance, click Switch to Category View.
Click System.
Click Automatic Updates.
Select a setting. Microsoft recommends selecting Automatic. If you do not choose Automatic, but you choose to be notified when updates are ready, a notification balloon appears when new downloads are available to install. Click the notification balloon to review and install the updates.
Run an up-to-date scanning and removal tool
Most scanning and removal software can detect and prevent the installation of known malicious software and unwanted software such as adware or spyware. You should frequently run a scanning and removal tool that is updated with the latest signature files. For more information, see http://www.microsoft.com/athome/security/downloads/default.mspx
Use caution with attachments and file transfers
Exercise caution with e-mail and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.
