Remove stubborn virus with system console

One of my operating system for Win2000 server notebook computer recently infected with the virus, I first use the relevant anti-virus software to scan the computer, scan the report as follows:

Virus Name: Hacktool

FileName: C:\winnt\system32\ntservice.exe

Action: Delete failed, quarantine failed, Access denied

How can you remove it altogether?

Since C:\winnt\system32\ntservice.exe is already running, it is obviously impossible to delete it directly. So I ran Windows Task Manager, and in the Process tab, I chose to end the Ntservice.exe process and the system showed "unable to abort process, deny access".

It suddenly occurred to me that a DOS command is available in the console state of Win (XP).

What is a console

The console is a simple Windows operating mode that allows you to restrict access to FAT and NTFS partitions in the command line state without starting the graphical interface, and to set up and manipulate the system.

Through the console, we can replace system files, turn off or disable a system service, disable or uninstall hardware devices, repair boot sectors, create new partitions, and format hard disk partitions.

Start the console

For Windows 2000, we can start the computer with a CD-ROM, then press R in the menu of the installer to select "Repair Windows 2000 Installation" and press C in the Repair menu to select "Recovery Console Repair Windows2000".

For Windows XP, the same is the CD to start the computer, and then press R to select Repair, you can go directly to the console.

Directly install the relevant options of the console to the boot menu: Put the CD into the CD-ROM drive, and then enter the "d:\i386\winnt32/cmdcons" directly into the operation after the return (this assumes that your CD drive is D), and then click "Yes", you can install the console option to the Advanced Boot menu, This will allow you to enter the console directly from the hard drive. This method applies to Windows 2000 and Windows XP.

At the command prompt at the console, for security reasons, I first backup the Ntservice.exe and run directly: Del C:\winnt\system32\ntservice.exe is OK.