After reading the tutorial on "How Malware hides and is installed as a service on Windows NT/XP/2000/2003", I've learned a lot of things about services! However, I still have some questions regarding it. I know that a service is launched by its corresponding value of ServiceDLL, or the actual service file used to start the service in the registry. My questions are:
1) If the service for a certain program has stopped, such as the Windefend service, will I still be able to run Windows Defender?
2) If the value of ServiceDLL for a particular service is missing, changed or corrupted, will the service still be able to run? Will it ever happen?
3) If a service does not have a group name specified, does that mean it is launched by Windows?
4) My last question is what confuses me the most: I want to know what the difference is between processes and services.
I will be really, really appreciative if someone can answer these questions, and thanks to Bleeping Computer for writing such a helpful tutorial; it benefited me a lot.