I was working on a client’s malware-infected computer earlier. After getting past the big infections, I was doing a more thorough spot-check and noticed some unwanted Browser Helper Objects (spyware) still latching on to Internet Explorer. They also had entries in the Control Panel, Add/Remove Programs list. I told them to uninstall but it essentially did nothing. The files were left behind, registry entries were left behind, they still existed in Internet Explorer, and they even had Services running an application to check for updates.
I scoured the Registry for the remaining entries. This pointed me where to find the remnant files which I tried to delete. A few were unable to be deleted as they were in use. I checked the services and found the update service. I stopped the service and was able to delete the file but wasn’t content to let the service remain even if it was stopped and disabled.
You can get to Services through Computer Management or going to Start, Run and typing Services.msc. This gives you a list like below. You can sort by status, name, or startup type to try to identify what you are looking for and troubleshoot by stopping, starting, or restarting a service.
To delete the service, you must use an elevated command prompt. Go to Start and type CMD. Right click on Command Prompt and choose Run As Administrator. At the command prompt that you are given, run:
sc delete [ServiceName]
You can see the Service Name in the Services.msc window that we previously opened.
After running the command, you should receive a simple ‘Success’ confirmation that the service was deleted.
Obviously deleting services isn’t an everyday thing but it has its time and place. Deleting it through the above command makes it pretty easy. You can also do other service troubleshooting with the command such as starting and stopping services, including on remote computers. For more details on the sc command, from the command prompt, run: sc /?