Manual Add and Remove Methods for Windows Services

  

Services are programs, routines, or processes that perform specific system functions in support of other programs, especially low-level (close to the hardware) ones. A service is in effect a special kind of application that keeps running from the moment it is started, whereas a normal application, once run, sits idle until the user operates it again. In WinXP, services are started automatically once the system has loaded, without anyone needing to log in, whereas normal applications set to run automatically are executed only after WinXP has loaded and a user has logged in. Manually adding a service is rarely necessary, but the need does come up.

What has been collected here is as follows. Since not every application on the Windows platform can run normally as a service, there are two cases when installing a service:

Case 1: install a program that can run as a service so that it becomes a WinXP service.
Case 2: install a program that cannot run as a service (i.e., a normal application) so that it becomes a WinXP service.

The installation tools for this are srvinstw.exe and srvany.exe, which are provided in the Win2000 Resource Kit (that method is not covered here; leave a message if you need it).

The following is the manual method of adding a service, suitable for when you cannot find the tools. Many viruses and Trojans are added in exactly this way!

Add the service by modifying the registry: in the Registry Editor, expand the branch "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"; the right-hand pane displays the service items installed on the machine. To create a new service, click "Edit → New → Key" and name the key, for example "test". Then right-click the key and select "New → String value" or "New → Dword value" to add the following values to the service key:

"DisplayName", string value: the service name;
"Description", string value: the service description;
"ImagePath", string value: the path where the service program is located;
"ObjectName", string value, set to "LocalSystem", indicating local login;
"ErrorControl", Dword value, set to "1";
"Start", Dword value: 2 means automatic start, 3 means manual start, 4 means disabled;
"Type", Dword value: 10 for an application, 20 for others.

Also, create a new "Enum" key under "test". If the program must be loaded via srvany, you must also add a Parameters subkey that gives the full path of the program to be added as a service, and the path above (ImagePath) must then point to where srvany is located.
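As an added example (not part of the original article), the Python sketch below reads a regedit export of the Services branch and summarises each service from the values listed above, marking automatic-start LocalSystem services for review. The sample export is constructed, and the "Application" value name under Parameters is srvany's convention rather than something the article states.

```python
import re

SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"
START = {2: "automatic", 3: "manual", 4: "disabled"}  # meanings given in the article

# Constructed sample export in regedit .reg format; names and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\test]
"DisplayName"="Test Service"
"ImagePath"="C:\\Tools\\srvany.exe"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\test\Parameters]
"Application"="C:\\Apps\\worker.exe"
'''

def parse_reg(text):
    """Return {key_path: {value_name: str or int}} for string and dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                name, dword, string = m.groups()
                current[name] = int(dword, 16) if dword else string.replace("\\\\", "\\")
    return keys

def audit(text):
    """Summarise each service key using the values the article lists."""
    keys, report = parse_reg(text), []
    for path, vals in keys.items():
        name = path[len(SERVICES):] if path.startswith(SERVICES) else ""
        if not name or "\\" in name:  # skip non-service keys and subkeys
            continue
        image = vals.get("ImagePath", "")
        entry = {"service": name, "image": image, "account": vals.get("ObjectName"),
                 "start": START.get(vals.get("Start"), "other"), "wrapped": None}
        if image.lower().endswith("srvany.exe"):  # real program is under Parameters
            entry["wrapped"] = keys.get(path + "\\Parameters", {}).get("Application")
        entry["review"] = entry["start"] == "automatic" and entry["account"] == "LocalSystem"
        report.append(entry)
    return report
```

The "review" field is a triage marker for services that start at boot under LocalSystem, not a verdict that the service is malicious.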
The above covers how to add services. To delete a Windows service, read on.

First, Windows services

A Windows service (Windows Service) is the foundation of the Windows operating system and of Windows networking and is part of the system core; it supports a variety of operations throughout Windows. Services such as the DNS client, printing, Windows Update, scheduled tasks, Windows Time, alarms, etc., determine whether the machine can operate correctly. If these services are not properly managed, the normal operation of the machine is affected. A service is first of all a Win32 executable, or a .dll run by a rundll32.exe process. Unlike normal applications such as WORD, which show an interface when opened, a service has no user interface. Nor can it be run by directly double-clicking the corresponding .exe program. How does Windows control a service? Windows services are managed by the higher-level services.exe, which is responsible for starting, stopping, running, and suspending services. Most commonly, we perform these operations through the Windows Services MMC interface.

Second, how to remove a Windows service

More and more of today's rogue software registers itself as a service. In a HijackThis scan log, non-Windows services are generally listed as O23 entries, as in the following:

O23 - Unknown - Service: BKMARKS [Provides a data security protection mechanism for the transport protocol, effectively maintaining data transmission Safe and complete. ] - C:\WINDOWS\SYSTEM32\RUNDLL.EXE
O23 - Unknown - Service: ewido anti-spyware 4.0 guard [ewido anti-spyware 4.0 guard] - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Unknown - Service: KSD2Service [KSD2Service] - C:\WINDOWS\system32\SVCH0ST.exe

For rogue software like this, you need to either delete the relevant .exe file so that it can no longer run, or clear the service itself directly, so that it does not start again when the computer is restarted. There are two ways to delete it:

Method 1: Use the sc.exe Windows command

Start → Run → cmd.exe, then type sc to see its usage. It is very simple to use: sc delete "service name" (such as sc deleteService 83F9085F)

For the example above: sc delete KSD2Service

Method 2: Direct registry editing (not recommended)

Open the Registry Editor and find the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. A service generally appears here as a key with the same name; delete the relevant key directly. (It may also be present under HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services; search the registry for it and delete it.)

Third, special circumstances

1. If the service shows rundll32.exe and this file is located in the system32 directory, do not delete the rundll32.exe file, because it is a Windows system file. In this case it is enough to clear the relevant service.
2. If a service is re-created automatically after it is deleted, a process is monitoring and protecting it. You need to kill the corresponding process in the process manager first, or press F8 at startup and delete it in Safe Mode.
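As an added example (not from the original article), this Python sketch parses O23 lines of the shape shown in the log above, flags image names that imitate a system binary by swapping digits for letters (as SVCH0ST.exe does), and marks the rundll32.exe special case. The list of system binaries is a short illustrative assumption, and the third sample line is constructed.

```python
import re
from pathlib import PureWindowsPath

# Line shape taken from the article's log:
# O23 - <vendor> - Service: <name> [<description>] - <image path>
O23 = re.compile(r"^O23 - (?P<vendor>.+?) - Service: (?P<name>.+?) \[(?P<desc>.*)\] - (?P<image>.+)$")
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "rundll32.exe"}  # illustrative, not exhaustive
DIGIT_FOR_LETTER = str.maketrans("015", "ols")  # 0->o, 1->l, 5->s

# First two lines come from the article's log; the third is constructed.
SAMPLE_LOG = r"""O23 - Unknown - Service: ewido anti-spyware 4.0 guard [ewido anti-spyware 4.0 guard] - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Unknown - Service: KSD2Service [KSD2Service] - C:\WINDOWS\system32\SVCH0ST.exe
O23 - Unknown - Service: ExampleSvc [constructed entry] - C:\WINDOWS\system32\rundll32.exe"""

def triage(log):
    """Return one dict per O23 line: service name, image path and review notes."""
    results = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        image = PureWindowsPath(m["image"])
        exe, notes = image.name.lower(), []
        normalised = exe.translate(DIGIT_FOR_LETTER)
        if exe not in SYSTEM_BINARIES and normalised in SYSTEM_BINARIES:
            notes.append("lookalike of " + normalised)
        if exe == "rundll32.exe" and image.parent.name.lower() == "system32":
            # The article's special case: remove the service, keep the Windows file.
            notes.append("system rundll32 host: delete service only")
        # Command from Method 1, to be run only once the entry is confirmed unwanted.
        results.append({"name": m["name"], "image": str(image), "notes": notes,
                        "remove_cmd": 'sc delete "%s"' % m["name"]})
    return results
```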
