During disinfection, or on your own initiative, you may have to remove a service belonging to a malware infection. Here are some methods of removal:
1) Deleting through HijackThis
2) Remove from the command line
Deleting through HijackThis
The HijackThis option "Delete an NT service" can delete the services shown on the O23 lines of a HijackThis report, provided they have been stopped or disabled beforehand.
To do this:
- Go to: Start
- Run, then type: services.msc and press OK
- In the window that follows, look for the service(s) to stop.
- Example to remove the service: Boonty Games
*Right-click it > Stop, then Properties > Startup type, set it to Disabled and confirm.
- You can also stop it from the command line:
*Starting/stopping a service from the command line
- Then run HijackThis
- HijackThis line corresponding to this service:
*O23 - Service: Boonty Games - Boonty - C:\Program Files\Common Files\Boonty Shared\Service\Boonty.exe
- Choose: Open the Misc Tools section
- Option: Delete an NT service
- Enter the exact name of the service to delete! In our case: Boonty Games
- Warning! Once deleted, it will be impossible to restore the service. If you are unsure of the legitimacy of a service, disabling it is enough!
Remove from the command line
You can also delete a service directly from the command line:
- Go to: Start
- Run, then type: cmd and press OK
- In the DOS window that follows, enter each of the following commands with the name of the service to delete, using the exact syntax, and confirm with [Enter] after each line.
Example of the command lines to enter to stop and remove two infected services, namely evntsvc and scagent:
- sc stop evntsvc [Enter]
- sc config evntsvc start= disabled [Enter]
- sc delete evntsvc [Enter]
- sc stop scagent [Enter]
- sc config scagent start= disabled [Enter]
- sc delete scagent [Enter]
- exit [Enter]
Important Notes:
1) To remove a service whose name is made up of several words, as in the following HijackThis line:
- O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
- The full name must be entered enclosed in quotation marks, i.e. enter the following:
- sc stop "Bonjour Service"
- sc delete "Bonjour Service"
2) The service name to delete is the one in parentheses, i.e. in our example "Bonjour Service", as indicated in the HijackThis line above, and not the one just before it, Service Bonjour, which is a description, not the name "recognized" by the system. If the O23 line of the HijackThis report has no name in parentheses, as was the case for this line:
- O23 - Service: Boonty Games - Boonty - C:\Program Files\Common Files\Boonty Shared\Service\Boonty.exe
- Then the name of the service to delete is the name immediately after "Service:".
3) These two methods of removal apply to so-called "basic" services, but will not work for rootkit services, which are much more complex to remove.
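The naming rule from notes 1 and 2, as an added example that is not part of the original page: this Python sketch reads O23 lines, picks the name that sc expects, and builds the stop/disable/delete sequence without running it. The function names, the assumed O23 layout (display name, optional name in parentheses, company, path, with no " - " inside the company or path) and the rejected character set are assumptions of this example.

```python
import re

# Constructed sample: the two O23 lines quoted on this page plus one made-up non-O23 line.
SAMPLE_REPORT = r"""
O4 - HKLM\..\Run: [Example] example.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Boonty - C:\Program Files\Common Files\Boonty Shared\Service\Boonty.exe
"""

O23_PREFIX = "O23 - Service: "
# cmd.exe metacharacters: a hostile service name must never reach the shell unchecked.
UNSAFE = set('"&|<>^%')


def service_name(o23_line):
    """Return the name sc expects for one O23 line (note 2 on this page)."""
    if not o23_line.startswith(O23_PREFIX):
        raise ValueError("not an O23 service line")
    # Assumed layout: <display> [(<name>)] - <company> - <path>.
    # Splitting from the right keeps a display name that itself contains " - ".
    parts = o23_line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        raise ValueError("unexpected O23 layout")
    label = parts[0].strip()
    # A trailing "(...)" holds the real service name; otherwise the label is the name.
    m = re.fullmatch(r".*\(([^()]+)\)", label)
    return m.group(1).strip() if m else label


def sc_commands(name):
    """Build the stop / disable / delete sequence shown on this page for one service."""
    if not name or UNSAFE & set(name) or any(ord(c) < 32 for c in name):
        raise ValueError(f"refusing unsafe service name: {name!r}")
    arg = f'"{name}"' if " " in name else name  # note 1: quote multi-word names
    return [f"sc stop {arg}", f"sc config {arg} start= disabled", f"sc delete {arg}"]


def plan(report):
    """Map every O23 line of a report to the commands for its service."""
    lines = (l.strip() for l in report.splitlines())
    names = [service_name(l) for l in lines if l.startswith(O23_PREFIX)]
    return {n: sc_commands(n) for n in names}


if __name__ == "__main__":
    for name, cmds in plan(SAMPLE_REPORT).items():
        print(name, *cmds, sep="\n  ")
```

The commands are only printed, so each one can be checked against services.msc before it is typed.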