Bad Windows 7 service??? - TechRepublic
General discussion
February 15, 2011 at 01:10 PM
chris

Bad Windows 7 service???

by chris . Updated 15 years, 4 months ago

While doing a virus cleanup on a clients win 7 x32 laptop (domain environment), I noticed a service that I cannot set to manual (or disabled for that matter) It bugs me because the service looks like a typical malware keyboard mash…. Display name = “ghykva” and Service name = “nrdgzkwb” If I try to set to manual or disabled I get “Access Denied” in normal or safe mode.

This user did get the conficker worm, (I think from charging her IPhone) – which had some shared music on it and I think was uploading the virus when it synced….I uninstalled ITunes and stopped that issue and I was able to remove conficker and some other adware/tracking cookies…and all AV scans show clean now but I still cant seem to change the startup on this service and I am worried it may be malware….
Google research on both the display and service name either shows no results or just some Romanian Prince , or other foreign authors, artists etc….nothing windows or PC releated…

Has anyone seen this service before? know if it is safe ? or not and how to remove/set to manual or disable?

This discussion is locked

All Comments