
ZHPDiag – Module O23 (SMND)

In Windows NT-type operating systems, a service (Windows service) is a program that runs in the background. It is similar to a Unix daemon.

A service must comply with the interface rules and protocols of the Service Control Manager, the component responsible for managing services.

Services can be configured to start when the operating system is started and run in the background as long as Windows is running. Alternatively, they can be initiated manually by the user or by an event that requires the service. Windows NT type operating systems include many services. The services are attached to three user accounts: the System account, the Network Service account and the Local Service account. Because services are associated with their own dedicated user accounts, they can operate without a user being logged in to the operating system. Services are often associated with host processes for Windows services. [Wikipedia]

Features

– This module lists all the services launched at system startup. Generic Microsoft services and disabled services are intentionally excluded from this listing. The search is carried out on the "ImagePath" value of all subkeys of the Registry key [HKLM\SYSTEM\CurrentControlSet\Services].

ZHPDiag Overview

 

—\\ List of non-Microsoft and non-disabled NT services (5) – 2s
O23 – Service: Google Update Service (gupdate) (gupdate). (.Google Inc. – Google Installer.) – C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 – Service: NetLimiter 4 Service (nlsvc). (.Locktime Software – NetLimiter Service.) – C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe =>.Locktime Software sro®
O23 – Service: SoftEther VPN Client (SEVPNCLIENT). (.SoftEther VPN Project at University of Tsukuba, Japan – SoftEther VPN.) – C:\Program Files\SoftEther VPN Client\vpnclient.exe =>.SoftEther KK®

Example of infection

O23 – Service: Background Logic Handler (backlh). (.Copyright © 2016 – ExtManager.) – C:\ProgramData\Logic Cramble\set.exe =>PUP.Optional.LogicHandler
O23 – Service: Prefs Secure (Nettrans). (.Copyright © 2015 – Network Packet Monitor.) – C:\ProgramData\PrefsSecure\Nettrans.exe =>PUP.Optional.LogicHandler
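
To triage O23 lines from a saved report, the sketch below parses the line layout used in the listings above and flags entries worth reviewing. It is an added example, not ZHPDiag or ZHPFix code; the names `parse_o23` and `triage`, the reading of a `=>.Name®` marker as a vendor tag, and the path heuristic are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Layout as shown on the page:
# O23 – Service: {Startup} ({KeyService}). (…) – {FileName} =>marker
O23_RE = re.compile(
    r"^O23 [–-] Service: (?P<display>.+) \((?P<key>[^()]+)\)\. "
    r"\((?P<desc>.*?)\) [–-] (?P<path>.+?)(?: =>(?P<marker>.*))?$"
)
# Assumption (heuristic, not ZHPDiag logic): binaries under these locations need a look.
WRITABLE_RE = re.compile(r"^[a-z]:\\(programdata|users|temp|windows\\temp)\\", re.I)

class Service(NamedTuple):
    display: str
    key: str
    path: str
    vendor: Optional[str]      # taken from a "=>.Name®" marker
    detection: Optional[str]   # any other "=>" marker

def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for headers and other lines."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    marker = (m["marker"] or "").strip()
    # Assumption drawn from the page's samples: ".Name®" is a vendor tag.
    is_vendor = marker.startswith(".") and marker.endswith("®")
    return Service(m["display"], m["key"], m["path"].strip(),
                   marker[1:-1] if is_vendor else None,
                   marker if marker and not is_vendor else None)

def triage(report: str) -> dict:
    """Map service key -> reasons to review it (empty list = nothing flagged)."""
    findings = {}
    for svc in filter(None, map(parse_o23, report.splitlines())):
        reasons = []
        if svc.detection:
            reasons.append("detection: " + svc.detection)
        if svc.vendor is None:
            reasons.append("no vendor tag")
        if WRITABLE_RE.match(svc.path):
            reasons.append("binary in user-writable location")
        findings[svc.key] = reasons
    return findings

# Lines copied from the page's own listings.
SAMPLE = r"""
—\\ List of non-Microsoft and non-disabled NT services (5) – 2s
O23 – Service: Google Update Service (gupdate) (gupdate). (.Google Inc. – Google Installer.) – C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 – Service: Background Logic Handler (backlh). (.Copyright © 2016 – ExtManager.) – C:\ProgramData\Logic Cramble\set.exe =>PUP.Optional.LogicHandler
"""
```

Calling `triage(SAMPLE)` returns an empty list for `gupdate` and three review reasons for `backlh`.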

ZHPFix action

O23 – Service: {Startup} ({KeyService}). (…) – {FileName}

{Key} : Registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
{KeyService} : Subkey of the key {Key}
{Startup} : Value data “display name” of key {KeyService}
{FileName} : Value data “ImagePath” of key {KeyService}

1) The tool removes the key {KeyService} and all its subkeys.
2) The tool deletes the file {FileName}
