如何在批处理脚本中使用服务的显示名称删除Windows服务?
[英]How to delete windows service using display name of the service in a batch script?
问题描述
I need to delete a bunch of services that were created on PCs when they got infected with malware. 
我需要删除一台在感染了恶意软件的PC上创建的服务。 The service names are random, but the display names are all the same. 服务名称是随机的,但显示名称都相同。 I am not good with batch files, so I have no idea how to write the script. 我对批处理文件不好,所以我不知道如何编写脚本。
Tried using a powershell script, but could not get it to work. 尝试使用Powershell脚本,但无法使其正常工作。 This is on a Windows 7 machine. 这是在Windows 7计算机上。
sc getkeyname ControlSysService
When I enter the code above I get the following result. 当我输入上面的代码时,我得到以下结果。
[SC] GetServiceKeyname SUCCESS
Name = zmzhsirmck
Besides ControlSysService there would be about 10 other display names. 除了ControlSysService,还有大约10个其他显示名称。 I have all the display names I just need the script to delete the service using the display name. 我拥有所有显示名称,我只需要脚本即可使用显示名称删除服务。
input Display name
get service name
sc delete service
3 个解决方案
解决方案1
1 已采纳 2019-02-19 11:38:40
You can probably do this using WMIC : 您可能可以使用WMIC做到这一点:
In order to use your known Display Names, you can run this from the Command Prompt 为了使用您已知的显示名称,您可以从命令提示符处运行它。
For %A In ("FirstName" "Second Name" "Third Display Name") Do @WMIC Service Where "DisplayName='%~A'" Call Delete
And as a batch file: 并作为批处理文件:
@Set List="FirstName" "Second Name" "Third Display Name"
@For %%A In (%List%) Do @WMIC Service Where "DisplayName='%%~A'" Call Delete
Obviously in both cases you'd replace "FirstName" "Second Name" "Third Display Name" with your known display names, (each enclosed with doublequotes). 显然,在两种情况下,您都将"FirstName" "Second Name" "Third Display Name"替换为已知的显示名称(每个名称都用双引号引起来)。
解决方案2
0 2019-02-19 00:43:15
Open the cmd as administrator and use the command: 以管理员身份打开cmd并使用以下命令:
sc delete "service name"
To get the service name, enter properties: properties of a service. 要获取服务名称,请输入属性: 服务的属性。 Just take what's in the name of the service 只需以服务的名义
解决方案3
0 2019-02-19 04:40:29
@echo off
setlocal
rem List of space separated display names using regular expressions.
set "regexp=Windows\ Update ReadyBoost"
set "mainkey=HKLM\SYSTEM\CurrentControlSet\services"
for /f "delims=" %%A in ('reg query "%mainkey%"') do (
for /f "tokens=1,2* delims= " %%B in ('2^>nul reg query "%%~A" /v DisplayName') do (
if /i "%%~B" == "DisplayName" if not "%%~D" == "" (
echo %%D | findstr /r /i "%regexp%" 2>nul >nul && (
echo KeyName: %%~nxA
echo DisplayName: %%D
echo sc delete "%%~D"
)
)
)
)
The code iterates through the services key for the subkeys. 该代码遍历子项的服务项。
It will read the DisplayName value in each subkey to get the date value. 它将读取每个子项中的DisplayName值以获取日期值。
The DisplayName value is echoed to findstr which compares to a regular expression string which is space separated strings to find. DisplayName值将回显到findstr ,它与正则表达式字符串进行比较,后者是用空格分隔的字符串。 The strings will be matched case insensitive as to using the argument /i with findstr . 字符串将不区分大小写,以与/i findstr参数一起使用findstr 。 As shown with Windows Update which has a space, escape the space with a preceding backslash. 如带有空格的Windows Update所示,请使用前面的反斜杠将其转义。
If tested OK, modify the value of regexp and remove the echo in front of the sc command. 如果测试通过,请修改regexp的值并删除sc命令前面的echo 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.