Solved Disable non-standard services - methods

Hewlett-packard Hp pavilion dv9000 lapto...
May 16, 2012 at 05:37:44
Specs: XP, P4 3Ghz 3G ram
I have scripts and reg files to disable unnecessary "Standard" services, but there are many that are not standard on customers' computers, and I need to disable them too in a single batch file. Is there a wildcard for non-standard services? Or is there a way to disable all services and then turn on the necessary services? Maybe with a script, then enable with my batch?

Why? We get several computers in that have hijacked computers or "New" fake services. I need something to disable unknown services to give me time to scan. (Yes, I do remove the drive and scan as slave and use bootable scanners), but I have manually disabled unknown services (time-consuming) and restarted, which gives me time to remove the trojans. These unknown services disable programs from running or disable admin rights etc.

The Computer Dr
Chris Robertson



✔ Best Answer
May 16, 2012 at 13:02:50
Well, you can tell a service to shut down, but it's free to ignore your request, and it's free to tell Windows it cannot be shut down. Have you considered making a WinPE disk, where you can remove the infection without having the virus fight you?

To answer your question, Windows has no concept of "standard" services, and really doesn't have a way to determine what services it came with. You can kill all of the services that allow it, and you could make a white list of allowed services and kill all that allow it but those. The kill all method would look something like this (untested):

for /f "tokens=*" %%a in ('net start') do echo y|net stop "%%a"

How To Ask Questions The Smart Way
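
The allowlist variant mentioned in the answer above, as an added example that is not part of the original post: it stops every running service whose display name is not listed in an allowlist file. The file name allow.txt and the labels in the script are assumptions, and the header and trailer strings are those printed by English-language Windows.

```batch
@echo off
rem Added example: stop every running service that is NOT on an allowlist.
rem Assumption: allow.txt (hypothetical name) sits beside this script and holds
rem one service display name per line, spelled exactly as "net start" prints it.
setlocal
set "ALLOW=%~dp0allow.txt"
if not exist "%ALLOW%" goto :no_list

rem "net start" prints a header, one indented display name per line, and a
rem trailer. tokens=* strips the indentation; for /f skips the blank lines.
for /f "tokens=*" %%a in ('net start') do call :check "%%a"
endlocal
exit /b 0

:no_list
echo Allowlist "%ALLOW%" not found, nothing was stopped.
endlocal
exit /b 1

:check
rem Header and trailer text as printed on English Windows (assumption).
if /i "%~1"=="These Windows services are started:" exit /b 0
if /i "%~1"=="The command completed successfully." exit /b 0
rem /x whole-line match, /i ignore case, /l literal text, /c: keeps spaces.
findstr /x /i /l /c:"%~1" "%ALLOW%" >nul
if not errorlevel 1 goto :keep
echo STOP "%~1"
rem Same call as the one-liner above; "echo y" answers the prompt net stop
rem shows when dependent services must be stopped too.
echo y|net stop "%~1" >nul 2>&1
if errorlevel 1 echo   still running, refused or failed: "%~1"
exit /b 0

:keep
echo KEEP "%~1"
exit /b 0
```

Because net stop also takes down dependent services, an allowlisted service that depends on a stopped one goes down with it and has to be started again afterwards. A service reported as still running either refused the request or had already been stopped as a dependent.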



#1
May 16, 2012 at 05:40:09
Define "standard"
Bonus define: "unknown"

How To Ask Questions The Smart Way



#2
May 16, 2012 at 07:24:38
Well, standard are the services that come with Windows. Unknown is effectively all other services whose origin is unknown, or services not provided with Windows.

There are trojans that turn them all off (standard/default services and non-standard), so obviously it is possible.

The Computer Dr
Chris Robertson



#3
May 16, 2012 at 08:23:16
Normally viruses target specific services, not a general one. For example, Vundo disables/kills instances of many antivirus scans; however, if you rename the service it will miss killing it.

mike



#4
May 16, 2012 at 11:59:09
Thanks, but the trojans I'm running into create generic services. I'm very aware of what they do. This new breed hijacks services, wireless hpz (HP service) and many more. Or they create new services. With that they are disabling & blocking the ability to run a program or run as administrator.
Yes, I know how it functions and that's why I'm asking this question. I have a bat & reg file that will enable ONLY necessary services such as safe mode, but I need to turn all other services off first.
I simply need to know if there is a way for a program to go to each service and turn it off, regardless of the name.
Find service name
disable
find next service name
repeat.

The Computer Dr
Chris Robertson




#6
May 16, 2012 at 13:29:59
Yes I have, and with many service hijackers, you don't see much action unless the processes are running. I've run it as a slave and a few different bootable antivirus.
I know all the alternative ways to take care of that, and that's not my question at all, thanks though.
That line worked like a charm! I put it in a bat file and added the start services back. Should have started with that.

I do this manually, stop the services then do a permissions reset and I can install my scanners. They won't detect the trojan until it becomes active, then it will pick them up as I start the services. And thank you..

The Computer Dr
Chris Robertson



#7
May 23, 2012 at 07:38:14
I wanted to respond about how useful this tool is.
To test this, I used several external scanners and nothing caught this rootkit. I started Windows, used this batch to shut all the services down and then as they restarted, my scanner picked it up, plus it gave me time to install/run the scan programs.
Since then it has helped on several different repairs.

The Computer Dr
Chris Robertson

