I'm familiar with processes that run as applications and others that run as a service. I don't understand the gory details involved here but I know that if I want to disable either one, I can usually do so from MSConfig, the registry, or the services console.
But explain to me how a virus like SmitFraud can run underneath these types of processes, or shall we say overtop. SmitFraud will actually start in safe mode. It isn't in any of the run or runonce keys and isn't defined as a service in the services. So where is it?
I did have to deal with this virus the other day and found a removal tool that worked well. Just wish I could understand where such a process resides. I believe that some security software and internet content filtering software use this same scheme. I find them very undetectable, other than the obvious results that show on your screen, if any do.