-
How to delete a service?
My friend thought he'd be smart and put this trojan on my computer called "institution". The nice thing is, it uses service hiding to do its dirty work. So now I need to remove this service from my computer, but I can't see it in the service browser. I know it's running because I can connect to myself.
http://www.iamaphex.net/modules.php?...q=getit&lid=54
(couldn't find it on megasecurity or anything, and in the readme it says run with the '/u' parameter to remove. Problem is, for some reason I can't get the command prompt to 'cd' to my d:\ root, where my friend ran the virus.)
Does anyone know how I can go about deleting services by not using the service browser?
-
Considering that your friends suck...
If I were you I would run a complete scan on your box. Here is a document that can help:
http://www.antionline.com/attachment...achmentid=4913
To summarize the article, download the tools listed and their updates, boot into safe mode, and scan. Then scan with an online scanner, like one listed.
Safe mode will prevent the service from starting, giving you better success of ending what is starting it.
-
Yeah...he's a moron thinking he'd be cool and "hack" me...
Thanks for that guide, I'm gonna go try it now.
-
I trust you know that the 'CD' command is not used to change drives; instead just enter the drive letter and a colon (d:) at the prompt.
I think you might be talking about this:
http://securityresponse.symantec.com...aphex.kit.html
Removal instructions are on this page, but I'm sure soda's method will work just fine.
-
Quote:
Originally posted here by Tedob1
I trust you know that the 'CD' command is not used to change drives; instead just enter the drive letter and a colon (d:) at the prompt.
Heh...yeah I did, I'm just being stupid today...
-
Normally you'd go about removing a service by stopping the service (in your case booting to safe mode would do the trick), then open regedit and mosey on down to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Browse through the keys you find there, delete the ones you want to delete, and reboot.
That's about it.
-
You can also use this in Windows XP:
sc delete [service name]
sc = NT Service Controller
You can also use this same process to add a service (sc create).
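An added example, not part of any post in this thread: a PowerShell check that reads the Services registry key mentioned above and flags Win32 services that the normal service listing does not show, so you know which key name to inspect before using regedit or sc delete. It assumes PowerShell 3 or later, an elevated prompt, and that the hiding affects only the service listing and not the registry; the "outside system directories" test is a rough heuristic and `<ServiceName>` is a placeholder.

```powershell
# Added example: compare services defined in the registry with what the
# Service Control Manager listing (Get-Service / services.msc) shows.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Names the normal enumeration is willing to show.
$visible = @{}
Get-Service | ForEach-Object { $visible[$_.Name.ToLower()] = $true }

$report = foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
    $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    # Type bits 0x10 / 0x20 = Win32 own-process / shared-process service.
    # Keys without them are drivers or not services at all; skip those.
    if ($null -eq $p -or $null -eq $p.Type -or -not ($p.Type -band 0x30)) { continue }

    $image = [string]$p.ImagePath
    [pscustomobject]@{
        Name      = $key.PSChildName
        Start     = switch ($p.Start) { 2 {'Auto'} 3 {'Manual'} 4 {'Disabled'} default {$_} }
        Listed    = $visible.ContainsKey($key.PSChildName.ToLower())
        # Heuristic (assumption): binaries of legitimate services usually live
        # under the Windows or Program Files directories.
        OddPath   = ($image -ne '') -and ($image -notmatch '(?i)systemroot|\\windows\\|\\program files')
        ImagePath = $image
    }
}

# 1. Defined in the registry but missing from the normal listing.
$report | Where-Object { -not $_.Listed } | Format-List Name, Start, ImagePath

# 2. Starts automatically from an unusual location (e.g. the root of a drive).
$report | Where-Object { $_.Start -eq 'Auto' -and $_.OddPath } |
    Format-List Name, Listed, ImagePath

# After reviewing a suspicious entry, confirm and remove it by key name.
# Use sc.exe explicitly: in Windows PowerShell, plain "sc" is an alias
# for Set-Content, not the Service Controller tool.
#   sc.exe qc     <ServiceName>
#   sc.exe stop   <ServiceName>
#   sc.exe delete <ServiceName>
```

Entries in either list are candidates for review, not confirmed malware; check the ImagePath file before deleting anything.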
-
Well I got it off by simply executing with "/u" as a cmdline argument.
Ty for the help though, now I know where to go next time.