Two HijackThis Items Worry Me

Hi -

I run a HijackThis log every few months or so even though I do not have problems. I noticed a couple of suspicious items and wonder if anyone can help me decipher these two items in my HijackThis log.

Item one is worrisome as it has no file and no owner.. Does anyone know if it should be removed?

O23 - Service: svcWRSSSDK - Unknown owner - (no file)

The following may be left behind after removing NAV and running the Norton Removal Tool, but I am not sure:

O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

Any help will be appreciated.

Ann

 

O23 - Service: svcWRSSSDK - Unknown owner - (no file)

Webroot Spy Sweeper Engine

O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

Check Services to see if SymWMI Service is still listed and set to Start. It probably wasn't disabled before removal.

 

To remove the Symantec service, click Start>Run, enter the following two commands one at a time, hitting enter after each.

sc stop SymWSC
sc delete SymWSC

 

Whiskeyman - Thank you so much. I no longer have SpySweeper, so I can let HijackThis delete or remove. I do not find SymWMI Service in Services.

noahdfear - I did as you suggest, but I did not see anything happen. Am going to run another HijackThis log and see if it is gone. Will let you know if I got rid of it or not. Thanks a bunch.

Ann

 

Since you no longer have Spy Sweeper, do these two as well.

sc stop svcWRSSSDK
sc delete svcWRSSSDK

 

noahdfear - it worked. SymWMI Service is no longer listed in HijackThis log.
Too late for Spysweeper, but I did remove it via Hijackthis by checking Fix.
I am printing out this thread for my information. Thanks!

 

Fixing a service with HijackThis will usually only stop it if running. Is it gone now?

 

noahdfear,

No, it was still listed in HijackThis log. I quickly ran your fix and, once again, it worked. The SpySweeper entry is gone. I have learned several things today and that is always a good thing. Thanks for your help.

Ann

 

Happy to help.

 

Hi noahdfear,

I was reading my notes and thought I'd ask you if this procedure to stop and delete works with any service you have running. A little knowledge is a dangerous thing!

 

Hi Ann,

Yes it does, but you have to get the name of the service right. Using your's above as examples;

O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

When you look in the services applet (Start>Run>services.msc), that service is listed as SymWMI Service. That's it's display name. In the registry, it's key name is SymWSC, as shown in parenthesis above. To delete the service using the sc delete command, you must use the key name.

O23 - Service: svcWRSSSDK - Unknown owner - (no file)

Display name (if displayed) and key name are the same ....... svcWRSSSDK

The sc stop command must be used prior to the sc delete, always. Can't delete a service if it's running (I'm sure you knew that already, just threw it in for good measure ).

 

Thank you, noahdfear. Saving my notes on this thread, one more time.

 

You're welcome Ann