Re: Unusual service what is it?
- From: "Wesley Vogel" <123WVogel955@xxxxxxxxxxx>
- Date: Tue, 2 May 2006 10:18:07 -0600
You can spend quite a little time @ www.sysinternals.com just window
shopping. I mean, even if you do not download anything there is plenty of
interesting information.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:eJoVBdAbGHA.3376@xxxxxxxxxxxxxxxxxxxx,
Heirloom <roland58XX@xxxxxxxxx> hunted and pecked:
That was intended for the OP, Wes. However, I have never heard ofhttp://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sc.mspx
AutoRuns......will check into it...........
Heirloom, old and sounds like
something you get from too much Mexican food
"Wesley Vogel" <123WVogel955@xxxxxxxxxxx> wrote in message
news:%236xFP%238aGHA.4796@xxxxxxxxxxxxxxxxxxxxxxx
I already have Process Explorer and AutoRuns also. ;-)
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:uWzVBKuaGHA.4936@xxxxxxxxxxxxxxxxxxxx,
Heirloom <roland58XX@xxxxxxxxx> hunted and pecked:
Rootkit Revealer available at www.sysinternals.com .......free.
While
you are there, get Process Explorer, also free. It is a great app for
showing exactly what is running on your machine and the amount of cpu
cycles in % used by each.
Heirloom, old and thanks for the
assist, Wes!
"Wesley Vogel" <123WVogel955@xxxxxxxxxxx> wrote in message
news:eLUk%23lmaGHA.4564@xxxxxxxxxxxxxxxxxxxxxxx
If you have not used RootkitRevealer...
Update your antivirus software and run a full system scan.
Update whatever anti-spyware applications that you have and run a full
system scan with each one.
If you have used RootkitRevealer, it adds a random named *.exe file and
a
random named service and runs as that service. The random named *.exe
file
will show up in %userprofile%\Local Settings\Temp folder. Every time
you
run
RootkitRevealer it adds another random service to services.msc. The
randomly named *.exe file will be deleted, but the registry settings
are left behind.
[[The reason that there is no longer a command-line version is that
malware
authors have started targeting RootkitRevealer's scan by using its
executable name. We've therefore updated RootkitRevealer to execute its
scan
from a randomly named copy of itself that runs as a Windows service.]]
http://www.sysinternals.com/Utilities/RootkitRevealer.html
RootkitRevealer leaves references to these random named *.exe files
behind so that you see strange service names in services.msc.
If you do not want to mess in the registry, see Alternate method below.
You'll find the left behind services here...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Locate the service(s) in the list. ImagePath should point to
Local Settings\Temp folder, as a double check.
Delete them and reboot.
[[Important This article contains information about modifying the
registry.
Before you modify the registry, make sure to back it up and make sure
that you understand how to restore the registry if a problem occurs.
For information about how to back up, restore, and edit the registry,
click the
following article number to view the article in the Microsoft Knowledge
Base: 256986 Description of the Microsoft Windows Registry]]
http://support.microsoft.com/default.aspx?kbid=256986
Alternate method To delete a service.
Open Services...
Start | Run | Type: services.msc | Click OK |
Scroll down to and double click the service you want to get rid of |
On the General tab, Service name: take note of the Service Name not
the Display Name | Close Services
Then open a command prompt...
Start | Run | Type: cmd | Click OK |
Type: sc delete Whateverservice Display Name
and hit Enter
Reboot.
See...
sc delete
here...
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:OzYjIjkaGHA.3992@xxxxxxxxxxxxxxxxxxxx,
PaulaDawn <Blah@xxxxxxxxxxxx> hunted and pecked:
ULHDBZHW This has shown up in my services? I have googled it and it
doesn't show up? What is it? and if its bad how to get rid of it?
.
- Prev by Date: Re: Sys Tray query
- Next by Date: Re: Sys Tray query
- Previous by thread: Sys Tray query
- Next by thread: I Can't see files in windows explorer staring with "q"
- Index(es):
Relevant Pages
|
