Malware Hidden As A Service



#1 gazztheman


Posted 17 December 2007 - 10:51 AM

I have encountered many different pieces of Malware and, recently, with Vundo and its variants, the type that hides as a service.
I was overjoyed when I found the "How Malware hides and is installed as a service" tutorial on this site.
It was a great help in understanding the nature of the precocious little beasts but as you can guess I have some questions regarding the tutorial.
In the first (simple) example the service name is quite obviously wrong and therefore it's quite a simple job to find it and eliminate it.
My problem lies with example two: how did it become clear that the problem was with the service named pnpsvc? You don't mention that this isn't a valid service name. This is not explained.
I recently tried using this method to fix a "Malware" infection but my biggest, and most time consuming problem was trying to work out which services were valid and which were not.
Is there a utility available which can get the list of services and tell you which are "known" or "valid" and those which are suspect?

Edited by gazztheman, 17 December 2007 - 10:53 AM.

