-
October 27th, 2004, 12:55 AM
#1
Senior Member
How to delete a service?
My friend thought he'd be smart and put this trojan on my computer called "institution". The nice thing is, it uses service hiding to do its dirty work. So now I need to remove this service from my computer, but I can't see it in the service browser. I know it's running because I can connect to myself.
http://www.iamaphex.net/modules.php?...q=getit&lid=54
(couldn't find it on megasecurity or anything, and in the readme it says run with the '/u' parameter to remove. Problem is, for some reason I can't get the command prompt to 'cd' to my d:\ root, where my friend ran the virus.)
Does anyone know how I can go about deleting services by not using the service browser?
-
October 27th, 2004, 01:11 AM
#2
Considering that your friends suck...
If I were you I would run a complete scan on your box. Here is a document that can help:
http://www.antionline.com/attachment...achmentid=4913
To summarize the article, download the tools listed and their updates, boot into safe mode, and scan. Then scan with an online scanner, like one listed.
Safe mode will prevent the service from starting, giving you better success of ending what is starting it.
-
October 27th, 2004, 01:16 AM
#3
Senior Member
Yeah...he's a moron thinking he'd be cool and "hack" me...
Thanks for that guide, I'm gonna go try it now
-
October 27th, 2004, 02:23 AM
#4
I trust you know that the 'CD' command is not used to change drives; instead just enter the drive letter and a colon (d:) at the prompt.
I think you might be talking about this:
http://securityresponse.symantec.com...aphex.kit.html
Removal instructions are on this page, but I'm sure soda's method will work just fine.
-
October 27th, 2004, 02:31 AM
#5
Senior Member
Originally posted here by Tedob1
I trust you know that the 'CD' command is not used to change drives; instead just enter the drive letter and a colon (d:) at the prompt.
Heh...yeah I did, I'm just being stupid today...
-
October 27th, 2004, 08:34 AM
#6
Junior Member
Normally you'd go about removing a service by stopping the service (in your case booting to safe mode would do the trick), then open regedit and mosey on down to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Browse through the keys you find there, delete the ones you want to delete, and reboot.
That's about it.
-
October 27th, 2004, 04:07 PM
#7
In Windows XP you can also use:
sc delete [service name]
sc = NT Service Controller
you can also use this same process to add a service (sc create)
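Added example, not written by any poster in this thread: a PowerShell sketch of the check that posts #6 and #7 describe doing by hand. It reads the keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services directly and marks the ones the Service Control Manager does not list, so a service missing from the service browser can still be found by name before it is removed with regedit or `sc delete`. The `D:\` root filter at the end is an assumption taken from the first post, where the file was run from the root of D:.

```powershell
# Added example: compare service keys in the registry with what the
# Service Control Manager (SCM) reports. Run from an elevated prompt.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Names the SCM is willing to list (what the Services console shows).
$scmNames = @{}
foreach ($svc in Get-Service) { $scmNames[$svc.Name.ToLower()] = $true }

# Meaning of the numeric Start value stored in each service key.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($key in Get-ChildItem -Path $root) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    # Skip keys with no Type value, and drivers: Win32 services have
    # Type bit 0x10 (own process) or 0x20 (shared process) set.
    if ($null -eq $props -or $null -eq $props.Type) { continue }
    if (($props.Type -band 0x30) -eq 0) { continue }

    [pscustomobject]@{
        Name        = $key.PSChildName
        Start       = if ($null -ne $props.Start) { $startNames[[int]$props.Start] } else { 'unset' }
        ImagePath   = $props.ImagePath
        ListedBySCM = $scmNames.ContainsKey($key.PSChildName.ToLower())
    }
}

# Keys the SCM does not list sort first (False before True).
$report | Sort-Object ListedBySCM, Name | Format-Table -AutoSize -Wrap

# Assumption from the first post: the binary sits in the root of D:.
# Show any service whose ImagePath points at a file directly under D:\.
$report | Where-Object { $_.ImagePath -match '^"?D:\\[^\\]+$' } |
    Format-List Name, Start, ImagePath, ListedBySCM
```

Running it from safe mode, as the replies suggest, reads the keys before the hidden service has had a chance to start.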
-
October 28th, 2004, 12:23 AM
#8
Senior Member
Well I got it off by simply executing with "/u" as a cmdline argument.
Ty for the help though, now I know where to go next time.