What is a Service?
A Windows service is an executable program that runs in the background of the Microsoft Windows operating system. It performs specific functions and is designed to run without any user intervention. Services are usually configured to start when Windows starts and to run in the background all the time, although they can be started manually if needed. An example of a Windows service is your antivirus program or another security program that is used for real-time protection.
In Windows Vista, I've noticed some services will remain running even though I've uninstalled the software. When I run a HijackThis log, I see the service still installed, even though the files pertaining to the service may have already been deleted. In a case such as this, I want to be able to delete the service or keep it from even starting.
What Windows Services are currently running?
To see what Windows services are currently running in the background, follow these steps:
1) Click on Start or the Windows Vista Orb
2) In Windows Vista, type the following command in the search box and press Enter
msconfig
3) Click on the Services tab and you'll see what services are currently running, stopped, or disabled on your computer.
4) Click on the box entitled "Hide all Microsoft Services" to see only non-Microsoft programs running in the background as services. In the example screenshot below you'll see the Avast antivirus, Acer recovery software (since it's an Acer computer), Lightscribe software for the DVD drive, and DVD software.
However, here is the problem. When I run HijackThis on the computer, I see the following service for Symantec running, even though I removed the Norton software from the computer over a year ago. You'll notice it shows the file is missing, but the service is still running and active.
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
So How Do I Remove This Service From Windows Vista?
In order to remove a service from Windows Vista, you'll need to know the name of the service. To find this out, look in your HijackThis log for the filename. In the example above, the filename is ccSvcHst.exe. Luckily, HijackThis shows the service name in parentheses directly after the service description. In the example above, the name is CLTNetCnService. However, what if you don't use HijackThis or you don't know the exact name of the service? Follow these steps to determine the exact name of the service to be removed.
1) Click on the Windows orb
2) Type REGEDIT in the search box and press Enter, then click Continue at the User Account Control prompt
3) Click on Edit at the top of the window and click Find. In the example above, you would type ccsvchst.exe and press Enter.
4) You'll find the filename located in a key in the following registry section
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
5) Once you've located the filename, look at the name of the yellow folder where the filename resides. This is the service name. Refer to the screenshot below as an example. The name CLTNetCnService is the name of the folder where this Symantec service resides.
6) Write this information down and close the Registry editor
Now it's time to delete the service. Follow these steps.
1) Click on the Windows orb and type CMD and press Enter to open a command prompt
2) Type the following command, substituting the name of the service found above for the term servicename, and press Enter.
sc delete servicename
For example: sc delete CLTNetCnService
3) If the deletion was successful, you'll see the following response.
[SC] DeleteService SUCCESS
4) Type Exit to close the command prompt
5) Open HijackThis and review a log; the service should be gone.
Congratulations! The service has been removed from your Windows Vista computer.
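The registry search described above can also be run across every service at once. The PowerShell script below is an added example, not part of the original article: it reads HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and lists the Win32 services whose executable file no longer exists. The function names and the path-parsing heuristic (cut an unquoted path at the first ".exe") are assumptions of this example.

```powershell
# Added example: list Win32 services whose registered executable is missing.
# Read-only: it changes nothing in the registry. Works on PowerShell 2.0+.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Hypothetical helper: extract the executable path from an ImagePath value,
# which may be quoted, unquoted with spaces, and followed by arguments.
function Get-ServiceExePath {
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p -match '^"([^"]+)"')          { return $Matches[1] }  # quoted path
    if ($p -match '^(.+?\.exe)(\s|$)')   { return $Matches[1] }  # unquoted path
    return ($p -split '\s+')[0]                                  # first token
}

# Hypothetical helper: emit one object per service with a missing binary.
function Get-OrphanedService {
    Get-ChildItem -Path $servicesKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Type 0x10 (own process) and 0x20 (shared process) are Win32
        # services; kernel and file-system drivers are skipped.
        if ($props -and $props.ImagePath -and ($props.Type -band 0x30)) {
            $exe = Get-ServiceExePath $props.ImagePath
            if ($exe -and -not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                New-Object PSObject -Property @{
                    ServiceName = $_.PSChildName   # the name sc delete expects
                    DisplayName = $props.DisplayName
                    ImagePath   = $props.ImagePath
                }
            }
        }
    }
}

Get-OrphanedService |
    Select-Object ServiceName, DisplayName, ImagePath |
    Format-List
```

The ServiceName column is the registry folder name, which is the value to pass to sc delete. Confirm each result by hand before deleting anything, since the path heuristic can misread unusual ImagePath values.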