Thread: How to delete a service which is infected

  1. #1
    Join Date
    Sep 2005
    Posts
    1,434

    How to delete a service which is infected

    During disinfection, or on your own, you may have to remove a service belonging to malware. Here are some methods of removal.

    1) Deleting through HijackThis
    2) Remove from the command line

  2. #2
    Join Date
    Sep 2005
    Posts
    1,434

    Deleting through HijackThis

    The "Delete an NT service" option can delete the services visible in the O23 lines of a HijackThis report, after they have been stopped or disabled.

    To do this:
    • Go to: Start
    • Choose Run and type: services.msc then press OK
    • In the window that follows, look for the service(s) to stop.
    • Example, to remove the service: Boonty Games
    • Right-click on it, choose Stop, then Properties; set the startup type to Disabled and confirm.
    • You can also stop it from the command line (see: Start/stop a service from the command line)
    • Then run HijackThis
    • HijackThis line corresponding to this service:
      O23 - Service: Boonty Games - Boonty - C:\Program Files\Common Files\Boonty Shared\Service\Boonty.exe
    • Choose "Open the Misc Tools section"
    • Choose the option "Delete an NT service"
    • Enter the exact name of the service to delete! In our case: Boonty Games
    • Warning! Once deleted, it will be impossible to restore the service. If you are unsure of the legitimacy of a service, disabling it is enough!



  3. #3
    Join Date
    Sep 2005
    Posts
    1,434

    Remove from the command line

    You can also delete a service directly from the command line:
    • Go to: Start
    • Choose Run, then type: cmd and press OK
    • In the DOS window that follows, enter each of the following commands with the name of the service to delete, respecting the syntax strictly, and confirm with [Enter] after each line.



    Example commands to enter to stop and remove two infected services, namely evntsvc and scagent:
    • sc stop evntsvc [Enter]
    • sc config evntsvc start= disabled and confirm with OK
    • sc delete evntsvc [Enter]
    • sc stop scagent [Enter]
    • sc config scagent start= disabled and confirm with OK
    • sc delete scagent [Enter]
    • exit [Enter]


    Important Notes:
    1) To remove a service whose name is composed of several words, such as in the following HijackThis line:
    • O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    • We must enter the full name that is enclosed in parentheses, i.e., enter the following:
    • sc stop "Bonjour Service"
    • sc delete "Bonjour Service"


    2) The service name to remove is the one in parentheses, i.e. in our example "Bonjour Service", as shown earlier in bold in the HijackThis line, and not the one just before it, Bonjour Service, which is a description, not the name "recognized" by the system. If the O23 line of the HijackThis report has no name in brackets, as was the case for this line:
    • O23 - Service: Boonty Games - Boonty - C:\Program Files\Common Files\Boonty Shared\Service\Boonty.exe
    • Then the name of the service to delete is the name immediately after "Service:".




    3) These two methods of removal apply to so-called "basic" services, but will not work for rootkit services, which are much more complex to remove.
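
Added example, not part of the original posts: a small Python helper that applies the naming rule from notes 1 and 2 to an O23 line and builds the matching sc commands for review before they are typed. The O23 layout is assumed from the two lines quoted in the thread; the function names, the rejected-character set and the sample list are hypothetical.

```python
import re

# Layout assumed from the O23 lines quoted in the thread:
#   O23 - Service: <label> - <company> - <path>
# <label> is either "<description> (<service name>)" or just the name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<company>.+?) - (?P<path>.+)$"
)

# Characters cmd.exe treats specially. A log taken from an infected
# machine is untrusted input, so names containing them are rejected
# instead of being pasted into a command line.
UNSAFE = set('"&|<>^%')


def service_name(o23_line):
    """Return the name sc expects: the text in parentheses if present,
    otherwise the text immediately after "Service:"."""
    m = O23_RE.match(o23_line.strip())
    if m is None:
        raise ValueError("not an O23 service line")
    label = m.group("label")
    paren = re.search(r"\(([^()]+)\)$", label)
    return paren.group(1) if paren else label


def sc_commands(name):
    """Build the stop / disable / delete sequence from the thread,
    quoting names made of several words."""
    if not name or UNSAFE & set(name):
        raise ValueError("refusing suspicious service name: %r" % name)
    arg = '"%s"' % name if " " in name else name
    return [
        "sc stop %s" % arg,
        "sc config %s start= disabled" % arg,
        "sc delete %s" % arg,
    ]


# Sample input: the two O23 lines quoted in the thread.
SAMPLE = [
    r"O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r"O23 - Service: Boonty Games - Boonty - C:\Program Files\Common Files\Boonty Shared\Service\Boonty.exe",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print("\n".join(sc_commands(service_name(line))))
```

The script only prints the commands; nothing is executed, so the output can be checked against services.msc before running it in the cmd window.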
