Help
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
I have encountered many different pieces of Malware and recently with Vundo and its variants the type that hides as a service.
I was overjoyed when I found the "How Malware hides and is installed as a service" tutorial on this site.
It was a great help in understanding the nature of the precocious little beasts but as you can guess I have some questions regarding the tutorial.
In the first (simple) example the service name is quite obviously wrong and therefore it's quite a simple job to find it and eliminate it.
My problem lies with example two in that, how did it become clear that the problem was with the service named pnpsvc you don't mention that this isn't a valid service name? This is not explained.
I recently tried using this method to fix a "Malware" infection but my biggest, and most time consuming problem was trying to work out which services were valid and which were not.
Is there a utility available which can get the list of services and tell you which are "known" or "valid" and those which are suspect?
I was overjoyed when I found the "How Malware hides and is installed as a service" tutorial on this site.
It was a great help in understanding the nature of the precocious little beasts but as you can guess I have some questions regarding the tutorial.
In the first (simple) example the service name is quite obviously wrong and therefore it's quite a simple job to find it and eliminate it.
My problem lies with example two in that, how did it become clear that the problem was with the service named pnpsvc you don't mention that this isn't a valid service name? This is not explained.
I recently tried using this method to fix a "Malware" infection but my biggest, and most time consuming problem was trying to work out which services were valid and which were not.
Is there a utility available which can get the list of services and tell you which are "known" or "valid" and those which are suspect?
This post has been edited by gazztheman: 17 December 2007 - 10:53 AM
Back to top
