Topic: Unknown service (can't find relevant info on the web)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
Re: Unknown service (can't find relevant info on the web)
« Reply #25 on: November 29, 2005, 07:42 AM »
hahahahahaha.

so ironic - the apps designed to detect trojans are looking more and more like trojans themselves, and it's hard to tell which is which.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
Re: Unknown service (can't find relevant info on the web)
« Reply #26 on: November 29, 2005, 07:50 AM »
It would be ironic if it weren't for the sleepless nights wondering who was going to use my credit card this time!!! It has happened before - but that was related to two companies I used being hacked or employees stealing info. One of those ran up a debt of over £1500 in Vegas (~$2500) before the card company spotted it wasn't likely to be me!

Before people wonder what I have been up to for this to happen ... I only use a credit card online on sites that use a known trusted, secure payment method - but obviously it isn't totally foolproof !! If I come across small companies that are selling software and apparently doing their own card processing I give them a wide berth 'cos it is difficult to know if they really can be trusted. Most small companies use DigitalRiver, Element5, RegSoft etc.

Carol Haynes

I have run RR again to check this out and it does produce exactly the symptoms I am describing - a dead randomly named service with the EXE file missing, and registry entries to support the service entry. I think I can breathe easily again.

I watched the TEMP folder and TaskManager while RR was running and the file is created and loaded as a service. According to the file properties it is another instance of RootkitRevealer.

Useful utility ....
~~~~~~~~~~

If it is of use to other people there is a utility in the MS Windows 2003 Resource Kit (free download, definitely worth having, from MS website) which is useful for getting rid of unwanted service entries, and removes the need to edit the registry. This resource kit is compatible with WinXP and Win2003 32-bit versions only. Win2k has a Resource Kit but it isn't free.

The command is SC.EXE (not a helpful name) and the syntax is:

SC.EXE DELETE <service_name>

SC.EXE does a lot more too; open a DOS window and try SC.EXE /? for a full list, or look at the help file.

If you have Windows 2000 you need to delete this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<service_name>
« Last Edit: November 29, 2005, 09:57 AM by CarolHaynes »
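
An added example, not part of the original posts: a read-only PowerShell check for the symptom described above, a service key that still exists under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services while the file named in its ImagePath value is gone. The function name Resolve-ImagePath and its path-parsing heuristics are assumptions of this example; it lists candidates only and deletes nothing.

```powershell
# Added example (not from the thread): list service entries whose binary is missing.
# Read-only. Run from a 64-bit shell on 64-bit Windows, otherwise file-system
# redirection can make existing system32 drivers look missing.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath {
    # Hypothetical helper: reduce an ImagePath value to a plain file path.
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                      # quoted path, arguments follow the quotes
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                      # unquoted path, drop trailing arguments
    }
    $p = $p -replace '^\\\?\?\\', ''          # strip the \??\ prefix used by drivers
    if ($p -match '^\\SystemRoot\\(.+)$') {
        $p = Join-Path $env:SystemRoot $Matches[1]
    } elseif ($p -match '^system32\\') {
        $p = Join-Path $env:SystemRoot $p     # driver paths relative to the Windows folder
    }
    return $p
}

$orphans = foreach ($key in Get-ChildItem $servicesKey -ErrorAction SilentlyContinue) {
    $imagePath = $key.GetValue('ImagePath')
    if ([string]::IsNullOrWhiteSpace($imagePath)) { continue }   # no binary recorded
    $file = Resolve-ImagePath $imagePath
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        [pscustomobject]@{
            Service   = $key.PSChildName      # the <service_name> used with SC.EXE DELETE
            ImagePath = $imagePath
            Resolved  = $file
        }
    }
}

$orphans | Format-Table -AutoSize -Wrap

# Review each row by hand before removing anything. In Windows PowerShell type
# "sc.exe delete <service_name>" in full: a bare "sc" is an alias for Set-Content.
```

A row pointing into a TEMP folder with a random-looking service name matches the leftover entry described in the post; rows for drivers or vendor software may be parsing misses and should be checked against the raw ImagePath column.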