I have encountered many different pieces of malware, and recently, with Vundo and its variants, the type that hides as a service.
I was overjoyed when I found the "How Malware hides and is installed as a service" tutorial on this site.
It was a great help in understanding the nature of the precocious little beasts, but, as you can guess, I have some questions regarding the tutorial.
In the first (simple) example the service name is quite obviously wrong, and therefore it's quite a simple job to find it and eliminate it.
My problem lies with example two: how did it become clear that the problem was with the service named pnpsvc? You don't mention that this isn't a valid service name. This is not explained.
I recently tried using this method to fix a "Malware" infection, but my biggest and most time-consuming problem was trying to work out which services were valid and which were not.
Is there a utility available which can get the list of services and tell you which are "known" or "valid" and those which are suspect?
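One way to approach the triage the poster is asking about, as an added example that is not part of the original post or of the tutorial it discusses: instead of judging a service by its name alone, enumerate every installed service, resolve the binary it actually runs (including the ServiceDll behind svchost-hosted services), and flag the ones whose binary lives outside the Windows directory, is missing, or is not validly signed by Microsoft. The script assumes an elevated PowerShell 5.1+ session on the suspect Windows host; the function names and flag labels are this example's own.

```powershell
# Added example, not from the original post or tutorial.
# Assumption: run in an elevated PowerShell 5.1+ session on the host being checked.

function Get-ServiceBinaryPath {
    param([string]$PathName, [string]$ServiceName)
    # Win32_Service.PathName is a command line, e.g.
    #   "C:\Program Files\Vendor\svc.exe" -run      (quoted)
    #   C:\Windows\system32\svchost.exe -k netsvcs  (bare)
    $exe = $null
    if ($PathName -match '^\s*"([^"]+)"')          { $exe = $Matches[1] }
    elseif ($PathName -match '^\s*(\S+?\.exe)')     { $exe = $Matches[1] }

    # svchost.exe only hosts the service; the real code is the DLL named in
    # HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll.
    if ($exe -and ([IO.Path]::GetFileName($exe) -ieq 'svchost.exe')) {
        $params = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters" -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) { $exe = $params.ServiceDll }
    }
    if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }
    return $exe
}

function Get-SuspectServices {
    $windir = $env:windir
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $bin   = Get-ServiceBinaryPath -PathName $svc.PathName -ServiceName $svc.Name
        $flags = @()

        if (-not $bin) {
            $flags += 'no-binary-path'
        } elseif (-not (Test-Path -LiteralPath $bin)) {
            $flags += 'binary-missing'
        } else {
            if ($bin -notlike "$windir\*") { $flags += 'outside-windir' }
            # Authenticode check: Vundo-style droppers are unsigned or self-signed,
            # while genuine Windows service binaries carry a valid Microsoft signature.
            $sig = Get-AuthenticodeSignature -FilePath $bin
            if ($sig.Status -ne 'Valid') {
                $flags += "sig:$($sig.Status)"
            } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
                $flags += 'non-microsoft-signer'
            }
        }
        # Built-in Windows services almost always carry a description; many fakes do not.
        if ([string]::IsNullOrWhiteSpace($svc.Description)) { $flags += 'no-description' }

        [pscustomobject]@{
            Name        = $svc.Name
            DisplayName = $svc.DisplayName
            State       = $svc.State
            StartMode   = $svc.StartMode
            Binary      = $bin
            Flags       = ($flags -join ',')
        }
    }
}

# Show only services that tripped at least one flag, for manual review.
Get-SuspectServices | Where-Object Flags | Sort-Object Name | Format-Table -AutoSize
```

The output is a shortlist, not a verdict: legitimately installed third-party software will trip 'outside-windir' and 'non-microsoft-signer', so those entries still need to be compared against what you know is installed. The entries worth immediate attention are the ones combining a Windows-looking name with a binary or ServiceDll that is unsigned, missing, or sitting somewhere like a temp or profile directory.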