Unknown service (can't find relevant info on the web)

mouser:
hahahahahaha.

so ironic - the apps designed to detect trojans are looking more and more like trojans themselves, and it's hard to tell which is which.

Carol Haynes:
It would be ironic if it weren't for the sleepless nights wondering who was going to use my credit card this time!!! It has happened before - but that was related to two companies I used being hacked or employees stealing info. One of those ran up a debt of over £1500 in Vegas (~$2500) before the card company spotted it wasn't likely to be me!

Before people wonder what I have been up to for this to happen ... I only use a credit card online on sites that use a known trusted, secure payment method - but obviously it isn't totally foolproof!! If I come across small companies that are selling software and apparently doing their own card processing I give them a wide berth 'cos it is difficult to know if they really can be trusted. Most small companies use DigitalRiver, Element5, RegSoft etc.

Carol Haynes:
I have run RR again to check this out and it does produce exactly the symptoms I am describing - a dead randomly named service with the EXE file missing, and registry entries to support the service entry. I think I can breathe easily again.

I watched the TEMP folder and TaskManager while RR was running and the file is created and loaded as a service. According to the file properties it is another instance of RootkitRevealer.

Useful utility ....
~~~~~~~~~~

If it is of use to other people there is a utility in the MS Windows 2003 Resource Kit (free download, definitely worth having, from MS website) which is useful for getting rid of unwanted service entries, and removes the need to edit the registry. This resource kit is compatible with WinXP and Win2003 32-bit versions only. Win2k has a Resource Kit but it isn't free.

The command is SC.EXE (not a helpful name) and the syntax is:

SC.EXE DELETE <service_name>

SC.EXE does a lot more too; open a DOS window and try SC.EXE /? for a full list, or look at the help file.

If you have Windows 2000 you need to delete this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<service_name>
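
Added example, not part of the original posts: a read-only PowerShell sketch that lists the kind of leftover described above, a service entry under the Services key whose executable is no longer on disk, so the candidates for SC.EXE DELETE can be reviewed first. It assumes a Windows system with PowerShell 3.0 or later; the function name Resolve-ServiceBinary is made up for this example.

```powershell
# Added example: list Win32 service entries whose executable no longer exists on disk.
# Read-only; it deletes and changes nothing.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ServiceBinary {
    param([string]$ImagePath)
    # Expand %SystemRoot% and similar, then normalise NT-style prefixes.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # Quoted path: the executable is the quoted part, arguments follow it.
    if ($p -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: try "C:\a", "C:\a b", ... until an existing file is found.
    $parts = $p -split ' '
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $candidate = $parts[0..$i] -join ' '
        foreach ($c in $candidate, "$candidate.exe") {
            if (Test-Path -LiteralPath $c -PathType Leaf) { return $c }
        }
    }
    return $parts[0]   # nothing exists on disk; report the first token
}

Get-ChildItem $servicesKey | ForEach-Object {
    $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
    if ([string]::IsNullOrWhiteSpace($svc.ImagePath)) { return }
    # Type 0x10 / 0x20 = Win32 own-process / shared-process service; skip drivers.
    if (-not ($svc.Type -band 0x30)) { return }
    $binary = Resolve-ServiceBinary $svc.ImagePath
    if (-not (Test-Path -LiteralPath $binary -PathType Leaf)) {
        [pscustomobject]@{
            Service   = $_.PSChildName      # name to review before any SC.EXE DELETE
            ImagePath = $svc.ImagePath      # raw registry value
            Resolved  = $binary             # path that was checked on disk
        }
    }
} | Format-Table -AutoSize -Wrap
```

On 64-bit Windows run it from a 64-bit PowerShell session; in a 32-bit session, file-system redirection of System32 can make present files look missing.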
