How to remove malware hiding as a Windows 7 system service

I. What is a Windows service?
A Windows service (also written "Windows Service") is a long-running program that the operating system itself starts and supervises. Services are part of the core of Windows and of Windows networking: the DNS Client, the Print Spooler, Windows Update, the Task Scheduler, the Windows Time service and many others decide whether the machine works at all, and mismanaging them disrupts normal operation.
Technically a service is either a Win32 executable of its own, or a DLL loaded into a host process; Windows uses svchost.exe for its shared-service DLLs, and the listing below shows rundll32.exe being used the same way. Unlike an ordinary application such as Word, a service has no window or user interface, and it is not launched by double-clicking its .exe: the Service Control Manager starts it.
II. How does Windows control a service?
Services are managed by the Service Control Manager, services.exe, which starts, stops, pauses and resumes them. The everyday way to work with them is the Services MMC snap-in (services.msc).
In Windows 7, click the Start button, type "services" in the search box and double-click the first result to open the Services console.
III. How to delete a Windows service
Rogue software increasingly registers itself as a service. In a HijackThis-style log, services that are not built-in Windows services are listed under O23 (the letter O), as in the following excerpt:
O23 - Unknown - Service: BKMARKS [Provides a data security protection mechanism for the transport protocol to effectively maintain security and integrity in data transmission.] - C:\WINDOWS\SYSTEM32\RUNDLL.EXE
O23 - Unknown - Service: ewido anti-spyware 4.0 guard [ewido anti-spyware 4.0 guard] - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Unknown - Service: KSD2Service [KSD2Service] - C:\WINDOWS\system32\SVCH0ST.exe
Two things are worth checking before acting on such a list. "Unknown" only means the scanner has no record of the service, and O23 only means it is not a built-in Windows service, so legitimate third-party software appears here too; confirm the binary's location and publisher first. A misspelled system name, on the other hand, is a giveaway: the third line runs SVCH0ST.exe with a zero, imitating the genuine svchost.exe. For software that turns out to be rogue, either delete its .exe so it can no longer run, or remove the service registration itself so it is not started at the next boot.
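The following is an added example, not code from the original article. It builds the same kind of shortlist as the O23 excerpt above from the live system, using PowerShell 3.0 or later on Windows (Windows 7 needs the Windows Management Framework update) from an elevated prompt, and adds the checks a practitioner wants before deleting anything: where the binary really is, whether it carries a valid Authenticode signature, whether its file name imitates a system host such as svchost.exe, and, for services hosted in svchost.exe or rundll32.exe, which DLL they actually load. The function names and the list of host executables are this example's own.

```powershell
# Added example (not from the original article). Run as administrator, PowerShell 3.0+.
# Host executables that legitimately live in %SystemRoot%\System32 and load other code.
$script:SystemHosts = @('svchost.exe', 'rundll32.exe', 'services.exe', 'lsass.exe')

function Test-LookalikeName {
    # $true when $FileName is a digit-for-letter imitation of a system host,
    # e.g. SVCH0ST.exe (zero) from the article's third O23 line. The real name returns $false.
    param([Parameter(Mandatory)][string]$FileName)
    $lower = $FileName.ToLowerInvariant()
    if ($script:SystemHosts -contains $lower) { return $false }
    $normalized = $lower.Replace('0', 'o').Replace('1', 'l').Replace('3', 'e').Replace('5', 's')
    return [bool]($script:SystemHosts -contains $normalized)
}

function Get-ServiceBinaryPath {
    # Pulls the executable out of a PathName such as
    #   "C:\Program Files\x\guard.exe" -service     or     C:\WINDOWS\system32\svchost.exe -k netsvcs
    # Unquoted paths with spaces are cut at the first ".exe" followed by whitespace or the end.
    param([Parameter(Mandatory)][string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"')            { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)')      { return $Matches[1] }
    return ($PathName.Trim() -split '\s+')[0]
}

function Get-ServiceTriage {
    # One row per service, with the indicators to look at before deleting:
    # LookalikeName, FileMissing, OutsideSystemRoot, Signature:<status>.
    $root = $env:SystemRoot.TrimEnd('\')
    foreach ($svc in Get-CimInstance Win32_Service) {
        if (-not $svc.PathName) { continue }
        $exe  = [Environment]::ExpandEnvironmentVariables((Get-ServiceBinaryPath $svc.PathName))
        $name = [IO.Path]::GetFileName($exe)

        # For a genuine host process the service's own code is the DLL it loads, so inspect that.
        $target = $exe
        if ($name.ToLowerInvariant() -in 'svchost.exe', 'rundll32.exe') {
            $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
            $dll = (Get-ItemProperty -LiteralPath $params -ErrorAction SilentlyContinue).ServiceDll
            if (-not $dll -and $svc.PathName -match 'rundll32\.exe"?\s+"?([^",]+\.dll)') { $dll = $Matches[1] }
            if ($dll) { $target = [Environment]::ExpandEnvironmentVariables($dll) }
        }

        $exists = Test-Path -LiteralPath $target
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'FileMissing' }
        $flags  = @()
        if (Test-LookalikeName $name)          { $flags += 'LookalikeName' }
        if (-not $exists)                      { $flags += 'FileMissing' }
        if ($target -notlike "$root\*")        { $flags += 'OutsideSystemRoot' }
        if ($exists -and $sig -ne 'Valid')     { $flags += "Signature:$sig" }

        [pscustomobject]@{
            Name        = $svc.Name
            State       = $svc.State
            StartMode   = $svc.StartMode
            ProcessId   = $svc.ProcessId
            CodeFile    = $target
            CommandLine = $svc.PathName
            Flags       = ($flags -join ',')
        }
    }
}

# Usage: keep only services with at least one indicator, like an O23 shortlist.
Get-ServiceTriage | Where-Object Flags | Sort-Object Flags | Format-Table Name, State, ProcessId, CodeFile, Flags -AutoSize
```

OutsideSystemRoot on its own is not evidence of anything; most third-party services live under Program Files. An unsigned or missing binary combined with a lookalike name, or a DLL loaded by svchost.exe from outside the Windows directory, is what deserves a closer look.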
There are two ways to delete a service.
Method 1: the SC.exe command-line tool
Click Start -> All Programs -> Accessories, right-click Command Prompt and choose Run as administrator.
From the elevated prompt, run SC with the delete command. The syntax is simple:
sc delete "service name" (the name must be quoted if it contains spaces)
Use the service's key name, the value shown as "Service name" in the Services console's Properties dialog, not its display name or the description in brackets. For the example above: sc delete KSD2Service
The full SC syntax is reproduced in the appendix at the bottom of this article.
Method 2: editing the registry directly (not recommended)
Open the Registry Editor (regedit) and go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Every installed service has a subkey here named after the service; deleting that subkey unregisters the service at the next boot. This bypasses the Service Control Manager entirely, which is why it is only a fallback for when sc delete fails.
IV. Special cases
1. If the service's path shows rundll32.exe in the system32 directory, do not delete rundll32.exe: it is a Windows system file that merely loads a DLL on the service's behalf. Remove the service registration and deal with the DLL named in its command line instead. The same protection applies to a correctly spelled svchost.exe in system32; SVCH0ST.exe in the listing above is the malware itself, not the host.
2. If a service you delete is re-created immediately and automatically, a process in the background is monitoring and protecting it. First terminate that process in Task Manager (or in Process Explorer), then delete the service; if that fails, press F8 during startup and remove it from Windows 7 Safe Mode, where the guard process does not start.
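The procedure of sections III and IV as one function, added here as an example and not taken from the original article. It assumes an elevated PowerShell 3.0 or later prompt on Windows; the function name and its -QuarantineBinary switch are this example's own. It reads the service's ImagePath from the registry key that Method 2 would edit by hand, refuses to touch a genuine svchost.exe or rundll32.exe in System32 (special case 1), stops the service and its process before unregistering it with sc delete (special case 2, Method 1), and then verifies that the registry key is gone.

```powershell
# Added example (not from the original article). Run as administrator, PowerShell 3.0+.
function Remove-RogueService {
    param(
        [Parameter(Mandatory)][string]$Name,   # the service (key) name, e.g. KSD2Service, not its display name
        [switch]$QuarantineBinary              # also rename the service's own .exe so it cannot run again
    )
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"      # the key Method 2 edits by hand
    if (-not (Test-Path -LiteralPath $key)) { throw "No service named '$Name' is registered." }

    # Resolve the executable from ImagePath: quoted path, or path up to the first .exe (survives spaces).
    $imagePath = [string](Get-ItemProperty -LiteralPath $key).ImagePath
    $exe = if     ($imagePath -match '^\s*"([^"]+)"')        { $Matches[1] }
           elseif ($imagePath -match '^\s*(.+?\.exe)(\s|$)')  { $Matches[1] }
           else   { ($imagePath.Trim() -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    Write-Host "Service '$Name' runs: $imagePath"

    # Special case 1: a correctly spelled svchost.exe or rundll32.exe inside System32 is Windows'
    # own host and must stay. SVCH0ST.exe (zero), or a copy in another directory, is not protected.
    $system32     = Join-Path $env:SystemRoot 'System32'
    $isSystemHost = ($exe -like "$system32\*") -and
                    ([IO.Path]::GetFileName($exe).ToLowerInvariant() -in 'svchost.exe', 'rundll32.exe')

    # Special case 2: stop the service and kill its process first, so a guard cannot re-create it.
    # A genuine shared svchost.exe is never killed; other services run inside it.
    $svc = Get-CimInstance Win32_Service | Where-Object Name -eq $Name
    Stop-Service -Name $Name -Force -ErrorAction SilentlyContinue
    if ($svc -and $svc.ProcessId -gt 0 -and -not $isSystemHost) {
        Stop-Process -Id $svc.ProcessId -Force -ErrorAction SilentlyContinue
    }

    # Method 1: unregister through the Service Control Manager. sc.exe exits with the Win32
    # error code on failure (for example 1072: already marked for deletion).
    & sc.exe delete "$Name" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc delete $Name failed with exit code $LASTEXITCODE" }

    if ($QuarantineBinary) {
        if ($isSystemHost) {
            Write-Warning "$exe is a Windows host process; remove the DLL it loads, not the host."
        } elseif (Test-Path -LiteralPath $exe) {
            # Rename rather than delete, so the sample is kept for analysis but can no longer start.
            Rename-Item -LiteralPath $exe -NewName ([IO.Path]::GetFileName($exe) + '.quarantined')
        }
    }

    # Verify. The key disappears once the SCM releases the service. If it is still there after a
    # pause, either the service could not be stopped (it stays marked for deletion until reboot)
    # or a guard process re-created it: in both cases finish from Safe Mode (F8 at boot).
    Start-Sleep -Seconds 3
    if (Test-Path -LiteralPath $key) {
        Write-Warning "Registry key for '$Name' is still present: reboot, or repeat this in Safe Mode if it was re-created."
        return $false
    }
    return $true
}

# Usage, for the third O23 line quoted in section III:
# Remove-RogueService -Name 'KSD2Service' -QuarantineBinary
```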
////// Appendix: SC command-line parameters ///////
Description:
SC is a command-line program used for communicating with the Service Control Manager and with services.
Usage:
sc <server> [command] [service name] <option1> <option2> ...
The <server> option has the form "\\ServerName".
Further help on a command: type "sc [command]".
Commands:
query-----------Query the status of the service,
or enumerate the status of the service type.
queryex---------Query the extended status of the service,
or enumerate the status of the service type.
start----------- Start the service.
pause----------- Send a PAUSE control request to the service.
interrogate-----Send an INTERROGATE control request to the service.
continue--------Send a CONTINUE control request to the service.
stop------------ Send a STOP request to the service.
config---------- Change the configuration of the service (permanent).
description-----Change the description of the service.
failure---------Change the action performed when the service fails.
failureflag-----Change the service's failed operation flag.
sidtype---------Change the service's service SID type.
privs-----------Change the required permissions for the service.
qc-------------- Query service configuration information.
qdescription----Query the description of the service.
qfailure--------Query the actions taken when the service fails.
qfailureflag----Query the service's failed operation flag.
qsidtype--------Query the service's service SID type.
qprivs----------Query the required permissions of the service.
qtriggerinfo----Query the trigger parameters of the service.
qpreferrednode--Query the preferred service NUMA node.
delete----------Delete the service (from the registry).
create----------Create a service (add it to the registry).
control--------- Send control to the service.
sdshow---------- shows the security descriptor of the service.
sdset----------- Set the security descriptor of the service.
showsid---------Display the service SID string corresponding to an arbitrary name.
triggerinfo-----Configure the trigger parameters of the service.
preferrednode---Set the preferred service NUMA node.
GetDisplayName--Get the DisplayName of the service
GetKeyName------ Get the ServiceKeyName of the service.
EnumDepend------ enumerates the dependencies of the service.
The following commands do not require a service name:
sc <server> <command> <option>
boot------------(ok | bad) Indicates whether the last boot should be saved as the last-known-good boot configuration.
Lock------------Lock the service database.
QueryLock-------Query the LockStatus of the SCManager database.
Example:
sc start MyService
QUERY and QUERYEX options:
If the query command is followed by a service name, the status of that service is returned and the further options do not apply. If the query command is followed by nothing, or by one of the options below, services are enumerated. Note the space after each "=": sc.exe requires it.
type=    Type of services to enumerate (driver, service, all) (default = service)
state=   State of services to enumerate (inactive, all) (default = active)
bufsize= Size of the enumeration buffer in bytes (default = 4096)
ri=      Resume index number at which to begin the enumeration (default = 0)
group=   Service group to enumerate (default = all groups)
Syntax examples:
sc query - Enumerate the status of active services and drivers
sc query eventlog - Display the status of the eventlog service
sc queryex eventlog - Display the extended status of the eventlog service
sc query type= driver - Enumerate only active drivers
sc query type= service - Enumerate only Win32 services
sc query state= all - Enumerate all services and drivers
sc query bufsize= 50 - Enumerate with a 50-byte buffer
sc query ri= 14 - Enumerate starting at resume index 14
sc queryex group= "" - Enumerate active services that are not in a group
sc query type= interact - Enumerate all interactive services
sc query type= driver group= NDIS - Enumerate all NDIS drivers