Removing 023 NT Service... infection

August 2016


Some Trojans use a component of their service, in addition to other programs launched at startup for their resettlement.

The Delete NT service option found in the Miscellaneous Tools of HijackThis can be used for deleting Trojans on your computer.

Method of Desinfection

  • First of all, download Unlocker
  • Then launch the application.
  • Use Unlocker as it will force the shutdown of the service for deletion on your system.
  • To know if the file has been deleted from your system, scan your computer with HijackThis and ensure the file is now missing.
  • Then Fix the line with HijackThis and restart your computer. (select the line> "Fix checked")

Warning! Do not stop the process directly because the infection comes back automatically at startup.

In the event of concern, there is another method to delete a service under XP.

To remove the service under XP:
  • Click Start, then Run
  • Type the following command and press the Enter key
  • cmd
  • In the command prompt:
  • sc stop Name_of_service
  • Press Enter
  • sc delete Name_of_service
  • Then press the Enter key again.
  • Then closed the black window.
  • The service name is in brackets on the Hijackthis report (lines O23).
  • Names with spaces should be quoted when you remove the service from the command line.

See also :

This document entitled « Removing 023 NT Service... infection » from CCM ( is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.