Win7 Method for removing Windows services

  
A virus hidden in a Vista system service can be removed by deleting the Windows service itself.

First, what is a Windows service?

A Windows service (Windows Service) is the foundation of the Windows operating system and of Windows networking. It is part of the core of the system and supports the operation of Windows as a whole. Services such as the DNS client, printing, Windows Update, scheduled tasks and Windows Time determine whether the machine runs correctly. If these services are not managed properly, the normal operation of the machine is affected.

A service is first of all a Win32 executable, or a .dll that is run by rundll32.exe. Unlike a normal application such as Word, which opens with an interface, a service has no user interface, and it cannot be started by double-clicking the corresponding .exe program.

Second, how does Windows control a service?

Windows services are managed by the higher-level services.exe, which is responsible for starting, stopping, running and suspending them. The most common way to perform these operations is through the Windows service MMC interface. In Windows 7, click the Start menu, enter "service" in the search box and double-click the first result at the top to open service management. In Vista and XP you can also open service management by running services.msc.

Third, how to delete a Windows service

More and more rogue software now registers itself as a service. Non-Windows system services are generally listed as O23 entries, as in the following excerpt:

O23 - Unknown - Service: BKMARKS [Provides a data security protection mechanism for the transport protocol to effectively maintain security and integrity in data transmission.] - C:\WINDOWS\SYSTEM32\RUNDLL.EXE
O23 - Unknown - Service: ewido anti-spyware 4.0 guard [ewido anti-spyware 4.0 guard] - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Unknown - Service: KSD2Service [KSD2Service] - C:\WINDOWS\system32\SVCH0ST.exe

For rogue software like this, either delete the related .exe file so that it can no longer run, or remove the service itself so that it does not start again when the computer restarts. There are two ways to delete a service.

Method 1: Use the sc.exe Windows command

Click Start Menu -> All Programs -> Accessories -> Command Prompt, and select "Run as administrator" in the right-click menu.

This opens a command prompt as an administrator. Enter sc plus its parameters. The usage is very simple:

sc delete "service name"

(If the service name contains a space, it must be quoted.) For the example above:

sc delete KSD2Service

For details of the sc command, see the bottom of this article, where Windows7 Home / Vista House has organized them for you.

Method 2: Edit the registry directly (not recommended)

Open the registry editor and find the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

A service normally appears here as a subkey with the same name as the service. Delete the relevant key directly.
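The triage the article applies to O23 entries, written out as an added example (not part of the original article): it parses each entry, separates a genuine system binary in system32 (remove the service only) from a file whose name merely imitates one, and builds the matching sc delete command with quoting where the name contains a space. The allow-list, the 0.85 similarity threshold and the fourth log entry are assumptions made for the illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Assumption: a short allow-list of real system binaries, not a complete one.
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "services.exe"}
SYSTEM_DIR = r"c:\windows\system32"
O23 = re.compile(
    r"^O23 - .*? - Service: (?P<name>.+?) \[(?P<desc>.*)\] - (?P<path>.+)$"
)

# First three entries are the article's own (BKMARKS description shortened);
# the fourth is constructed to exercise the rundll32.exe special case.
SAMPLE_LOG = r"""
O23 - Unknown - Service: BKMARKS [Provides a data security protection mechanism.] - C:\WINDOWS\SYSTEM32\RUNDLL.EXE
O23 - Unknown - Service: ewido anti-spyware 4.0 guard [ewido anti-spyware 4.0 guard] - D:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Unknown - Service: KSD2Service [KSD2Service] - C:\WINDOWS\system32\SVCH0ST.exe
O23 - Unknown - Service: ExampleSvc [ExampleSvc] - C:\WINDOWS\system32\rundll32.exe
""".strip().splitlines()

def closest_system_name(exe):
    """Return (most similar allow-listed name, similarity 0..1) for a file name."""
    return max(
        ((n, SequenceMatcher(None, exe, n).ratio()) for n in SYSTEM_BINARIES),
        key=lambda pair: pair[1])

def triage(line):
    """Classify one O23 entry; return None if the line is not an O23 service entry."""
    m = O23.match(line)
    if not m:
        return None
    name, path = m["name"], m["path"].strip()
    exe = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    match, score = closest_system_name(exe)
    if exe in SYSTEM_BINARIES and folder == SYSTEM_DIR:
        verdict = "system-binary"   # keep the file, remove only the service
    elif score >= 0.85:
        verdict = "masquerade"      # near-copy of a system name, or right name in wrong folder
    else:
        verdict = "third-party"     # not a system name: review before removing
    quoted = f'"{name}"' if " " in name else name
    return {"service": name, "exe": exe, "verdict": verdict,
            "resembles": match if verdict == "masquerade" else None,
            "command": f"sc delete {quoted}"}

if __name__ == "__main__":
    for entry in map(triage, SAMPLE_LOG):
        print(entry)
```

A "masquerade" verdict is a prompt to inspect the file, not proof that it is malicious; confirm what the binary is before deleting it or its service.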
Fourth, special circumstances

1. If the service shows rundll32.exe and this file is located in the system32 directory, do not delete the rundll32.exe file: it is a Windows system file. In this case, just remove the related service.

2. If a service is created again automatically after it is deleted, a process is monitoring and protecting it. Kill the corresponding process in Task Manager, or press F8 at startup and delete the service in Win7/Vista Safe Mode.

Appendix: SC command-line program parameter details

Description:
    SC is a command line program used to communicate with the Service Control Manager and services.

Usage:
    sc <server> [command] [service name] <option1> <option2>...

    The option <server> has the form "\\ServerName".
    Type "sc [command]" to get further help on a command.

Commands:
    query-----------Queries the status of a service, or enumerates the status of types of services.
    queryex---------Queries the extended status of a service, or enumerates the status of types of services.
    start-----------Starts a service.
    pause-----------Sends a PAUSE control request to a service.
    interrogate-----Sends an INTERROGATE control request to a service.
    continue--------Sends a CONTINUE control request to a service.
    stop------------Sends a STOP request to a service.
    config----------Changes the configuration of a service (persistent).
    description-----Changes the description of a service.
    failure---------Changes the actions taken by a service upon failure.
    failureflag-----Changes the failure actions flag of a service.
    sidtype---------Changes the service SID type of a service.
    privs-----------Changes the required privileges of a service.
    qc--------------Queries the configuration information of a service.
    qdescription----Queries the description of a service.
    qfailure--------Queries the actions taken by a service upon failure.
    qfailureflag----Queries the failure actions flag of a service.
    qsidtype--------Queries the service SID type of a service.
    qprivs----------Queries the required privileges of a service.
    qtriggerinfo----Queries the trigger parameters of a service.
    qpreferrednode--Queries the preferred NUMA node of a service.
    delete----------Deletes a service (from the registry).
    create----------Creates a service (adds it to the registry).
    control---------Sends a control to a service.
    sdshow----------Displays a service's security descriptor.
    sdset-----------Sets a service's security descriptor.
    showsid---------Displays the service SID string corresponding to an arbitrary name.
    triggerinfo-----Configures the trigger parameters of a service.
    preferrednode---Sets the preferred NUMA node of a service.
    GetDisplayName--Gets the DisplayName of a service.
    GetKeyName------Gets the ServiceKeyName of a service.
    EnumDepend------Enumerates the dependencies of a service.

The following commands do not require a service name:
    sc <server> <command> <option>
    boot------------(ok | bad) Indicates whether the last boot should be saved as the last known good boot configuration.
    Lock------------Locks the service database.
    QueryLock-------Queries the LockStatus of the SCManager database.

Example:
    sc start MyService

QUERY and QUERYEX options:
    If the query command is followed by a service name, the status of that service is returned. The other options do not apply in this case. If the query command is followed by nothing or by one of the options listed below, the services are enumerated.

    type=     Type of services to enumerate (driver, service, all) (default = service)
    state=    State of services to enumerate (inactive, all) (default = active)
    bufsize=  The size (in bytes) of the enumeration buffer (default = 4096)
    ri=       The resume index number at which to begin the enumeration (default = 0)
    group=    Service group to enumerate (default = all groups)

Syntax examples:
    sc query                             - Enumerates the status of active services and drivers
    sc query eventlog                    - Displays the status of the eventlog service
    sc queryex eventlog                  - Displays the extended status of the eventlog service
    sc query type= driver                - Enumerates only active drivers
    sc query type= service               - Enumerates only Win32 services
    sc query state= all                  - Enumerates all services and drivers
    sc query bufsize= 50                 - Enumerates with a 50-byte buffer
    sc query ri= 14                      - Enumerates with resume index = 14
    sc queryex group= ""                 - Enumerates active services not in a group
    sc query type= interact              - Enumerates all interact services
    sc query type= driver group= NDIS    - Enumerates all NDIS drivers
