Virus Name:
Hacktool file name: c: /winnt/system32/NTService.exe operation: Delete failed, isolation failed, access was rejected 1,
How can I remove it thoroughly?
Because C: /Winnt/System32/NTService.exe is already running, direct deletion is obviously impossible. So I run the Windows Task Manager, select End NTService.exe process in the process tab, and the result system displays "Unaffected Process, Reject Access".
What is a console
Console is
A simple running mode of Windows, which can locate the FAT and NTFS partitions in the command line state, and some settings and operations are made for the system. Through the console, we can replace the system file, turn off or disable a system service, disable or uninstall the hardware device, repair the boot sector, new partition, and format hard disk partitions.
Start console
for
Windows 2000, we can use the CD, then press the R key in the installer's menu to select "Fix the Windows 2000 Installation", and then press the C button from the repair menu to select "Fault Recovery Console Repair Windows2000". For WindowsXP, you can also start your computer with an CD, then press R to select Repair, you can enter the console directly. Install the relevant options of the console to the method in the startup menu: put the disc in the optical drive, then enter "D: / I386 / WinNT32 / CMDCONS" in the run (now assume your CD-ROM D), Click "Yes", you can install the console option to the Advanced Launch menu, so you can enter the console directly from the hard disk. This method is suitable for Windows 2000 and Windows XP. At the console command prompt, for the security, I first back up NTSERVICE.EXE, then run directly: del C: /winnt/system32/ntservice.exe is OK.
2, simpler way here:
1 Open a Word document first, please do something else to save. 2 Select Shutdown - Restart System Tips Word Not Save, Wait for a while, then select Cancel. At this time, most processes are turned off, including NTService.exe. At this point, you can delete the NTService.exe file.
3, this is too much trouble, it is better to enter the security mode directly, the process can stop
You can modify it in the registry!