Re: Unusual service what is it?
- From: "Wesley Vogel" <123WVogel955@xxxxxxxxxxx>
- Date: Sat, 29 Apr 2006 14:57:39 -0600
I already have Process Explorer and AutoRuns also. ;-)
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:uWzVBKuaGHA.4936@xxxxxxxxxxxxxxxxxxxx,
Heirloom <roland58XX@xxxxxxxxx> hunted and pecked:
Rootkit Revealer available at www.sysinternals.com .......free. Whilehttp://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sc.mspx
you are there, get Process Explorer, also free. It is a great app for
showing exactly what is running on your machine and the amount of cpu
cycles in % used by each.
Heirloom, old and thanks for the
assist, Wes!
"Wesley Vogel" <123WVogel955@xxxxxxxxxxx> wrote in message
news:eLUk%23lmaGHA.4564@xxxxxxxxxxxxxxxxxxxxxxx
If you have not used RootkitRevealer...
Update your antivirus software and run a full system scan.
Update whatever anti-spyware applications that you have and run a full
system scan with each one.
If you have used RootkitRevealer, it adds a random named *.exe file and a
random named service and runs as that service. The random named *.exe
file
will show up in %userprofile%\Local Settings\Temp folder. Every time you
run
RootkitRevealer it adds another random service to services.msc. The
randomly named *.exe file will be deleted, but the registry settings are
left behind.
[[The reason that there is no longer a command-line version is that
malware
authors have started targeting RootkitRevealer's scan by using its
executable name. We've therefore updated RootkitRevealer to execute its
scan
from a randomly named copy of itself that runs as a Windows service.]]
http://www.sysinternals.com/Utilities/RootkitRevealer.html
RootkitRevealer leaves references to these random named *.exe files
behind so that you see strange service names in services.msc.
If you do not want to mess in the registry, see Alternate method below.
You'll find the left behind services here...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Locate the service(s) in the list. ImagePath should point to
Local Settings\Temp folder, as a double check.
Delete them and reboot.
[[Important This article contains information about modifying the
registry.
Before you modify the registry, make sure to back it up and make sure
that you understand how to restore the registry if a problem occurs. For
information about how to back up, restore, and edit the registry, click
the
following article number to view the article in the Microsoft Knowledge
Base: 256986 Description of the Microsoft Windows Registry]]
http://support.microsoft.com/default.aspx?kbid=256986
Alternate method To delete a service.
Open Services...
Start | Run | Type: services.msc | Click OK |
Scroll down to and double click the service you want to get rid of |
On the General tab, Service name: take note of the Service Name not the
Display Name | Close Services
Then open a command prompt...
Start | Run | Type: cmd | Click OK |
Type: sc delete Whateverservice Display Name
and hit Enter
Reboot.
See...
sc delete
here...
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:OzYjIjkaGHA.3992@xxxxxxxxxxxxxxxxxxxx,
PaulaDawn <Blah@xxxxxxxxxxxx> hunted and pecked:
ULHDBZHW This has shown up in my services? I have googled it and it
doesn't show up? What is it? and if its bad how to get rid of it?
.
- Follow-Ups:
- Re: Unusual service what is it?
- From: Heirloom
- Re: Unusual service what is it?
- References:
- Unusual service what is it?
- From: PaulaDawn
- Re: Unusual service what is it?
- From: Wesley Vogel
- Re: Unusual service what is it?
- From: Heirloom
- Unusual service what is it?
- Prev by Date: Re: Taskbar clock missing
- Next by Date: Re: Conversation between Linux and Win
- Previous by thread: Re: Unusual service what is it?
- Next by thread: Re: Unusual service what is it?
- Index(es):
Relevant Pages
|
