Batch User Posted January 9, 2007 Posted January 9, 2007 I am writing another removal tool using Visual Basic and this virus loads as a service and protects it self. It can not be shutdown via safemode nor can it be via services.msc. So I need to make something that can kill this service. Does anyone know how I would go about writing it to kill a PROTECTED service? And no, setting the process token to SeDebugPriveledges does not help.
IcemanND Posted January 9, 2007 Posted January 9, 2007 have you tried deleting the registry keys associated with the service? Or try deleting all permissions to the key so that even system cannot read it then reboot make sure that the service is not started. And delete it.Another option. Find the associated files, delete all permissions for the file, reboot. Then return to the file give only the current logged on user the minimum rights to delete the files and delete them. then remove the remaining juck left behind.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now