Zapping f-prot service with process explorer

Posted by James Egan on June 21, 2009, 10:45 am

Hello again all, (well, nearly all) :)

In yet another failed attempt to install vista sp1 on my dell inspiron
I got sidetracked onto another issue.

I tried killing the process FPAVServer.exe with Process Explorer but
it was immediately restarted and I couldn't kill it. Not a bad trait,
I know, but if F-Prot can avoid being killed then maybe so can some
malware if something slips through.

What actually happened when I killed the "FPAVServer.exe" process was
that "fssf.exe" started up, it was this that appeared to restart
"FPAVServer.exe" and then close itself down. At least it disappeared
from the list of running processes so I couldn't just close down a
process tree. FPAVserver's parent process wasn't visible to do that.

In contrast, on my xp desktop when I zapped FPAVServer.exe with
process explorer, it was gone for good without as much as a complaint.

Incidentally, fssf.exe is located in the main f-prot installation
directory.

So I would like to know what it is that's available to running
processes in vista to stop them being zapped which isn't available in
xp? And also how can I zap something in vista when some invisible
"minder" type process is immediately restarting it?

TIA


Jim


Posted by David H. Lipman on June 21, 2009, 10:57 am


| Hello again all, (well, nearly all) :)

| In yet another failed attempt to install vista sp1 on my dell inspiron
| I got sidetracked onto another issue.

| I tried killing the process FPAVServer.exe with Process Explorer but
| it was immediately restarted and I couldn't kill it. Not a bad trait,
| I know, but if F-Prot can avoid being killed then maybe so can some
| malware if something slips through.

| What actually happened when I killed the "FPAVServer.exe" process was
| that "fssf.exe" started up, it was this that appeared to restart
| "FPAVServer.exe" and then close itself down. At least it disappeared
| from the list of running processes so I couldn't just close down a
| process tree. FPAVserver's parent process wasn't visible to do that.

| In contrast, on my xp desktop when I zapped FPAVServer.exe with
| process explorer, it was gone for good without as much as a complaint.

| Incidentally, fssf.exe is located in the main f-prot installation
| directory.

| So I would like to know what it is that's available to running
| processes in vista to stop them being zapped which isn't available in
| xp? And also how can I zap something in vista when some invisible
| "minder" type process is immediately restarting it?

| TIA


| Jim


net stop <service_name>
sc stop <service_name>

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
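
The `<service_name>` placeholder in the reply above has to be found first, and Windows services can carry recovery actions (restart the service, run a program) that the Service Control Manager performs when the service process exits unexpectedly. The following is an added example, not part of the original post or of F-Prot: a read-only PowerShell triage that maps a process image to its registered service and prints that service's recovery configuration. It assumes PowerShell 3.0 or later and uses the image name from the thread; whether F-Prot's restart behaviour comes from these settings is not stated on the page.

```powershell
# Added example (not from the thread): read-only triage for a process that
# comes back after being killed. Nothing here stops or changes a service.
# Assumption: image name taken from the thread; change it for other cases.
$image = 'FPAVServer.exe'

# 1. Running instances and their recorded parent PID. A parent that has already
#    exited does not resolve; a reused PID can also point at an unrelated
#    process, so treat ParentName as a hint only.
$procs = Get-CimInstance Win32_Process -Filter "Name = '$image'"
$rows = foreach ($p in $procs) {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    [pscustomobject]@{
        ProcessId  = $p.ProcessId
        ParentPid  = $p.ParentProcessId
        ParentName = if ($parent) { $parent.Name } else { '<exited>' }
        Path       = $p.ExecutablePath
    }
}
$rows | Format-Table -AutoSize

# 2. Services whose registered binary path references the image. The Name
#    column is the value to use where the reply says <service_name>.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*$image*" }
$services |
    Select-Object Name, DisplayName, State, StartMode, ProcessId, PathName |
    Format-List

# 3. Recovery configuration for each match. In the sc.exe output,
#    FAILURE_ACTIONS lists what the Service Control Manager does on an
#    unexpected exit and COMMAND_LINE shows a "run a program" action if set.
#    sc.exe is spelled out because "sc" is an alias in Windows PowerShell.
foreach ($s in $services) {
    "--- $($s.Name) ---"
    sc.exe qfailure $s.Name
    sc.exe qc $s.Name
}

if (-not $services) {
    "No registered service references $image; the restart is coming from somewhere else."
}
```

An empty result in step 2 only means no service visible through the Service Control Manager references that image.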



Posted by James Egan on June 21, 2009, 2:42 pm

On Sun, 21 Jun 2009 10:57:05 -0400, "David H. Lipman"

>| So I would like to know what it is that's available to running
>| processes in vista to stop them being zapped which isn't available in
>| xp? And also how can I zap something in vista when some invisible
>| "minder" type process is immediately restarting it?
>
>| TIA
>
>
>| Jim
>
>
>net stop <service_name>
>sc stop <service_name>

Ultimately, it's not the service I want to stop though, Dave, it's the
program which keeps restarting it. My use of F-Prot was just the
example which brought it to my attention. I suspect any malware using
the same technique might not have such an entry in the services list.


Jim.


Posted by David H. Lipman on June 21, 2009, 3:00 pm


| On Sun, 21 Jun 2009 10:57:05 -0400, "David H. Lipman"

>>| So I would like to know what it is that's available to running
>>| processes in vista to stop them being zapped which isn't available in
>>| xp? And also how can I zap something in vista when some invisible
>>| "minder" type process is immediately restarting it?

>>| TIA


>>| Jim


>>net stop <service_name>
>>sc stop <service_name>

| Ultimately, it's not the service I want to stop though, Dave, it's the
| program which keeps restarting it. My use of F-Prot was just the
| example which brought it to my attention. I suspect any malware using
| the same technique might not have such an entry in the services list.


| Jim.


Yes, there are hidden services. The TDSserv RootKit loads as a hidden service.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by jen on June 22, 2009, 12:21 pm
>
> Hello again all, (well, nearly all) :)
>
> In yet another failed attempt to install vista sp1 on my dell inspiron
> I got sidetracked onto another issue.
>
> I tried killing the process FPAVServer.exe with Process Explorer but
> it was immediately restarted and I couldn't kill it. Not a bad trait,
> I know, but if F-Prot can avoid being killed then maybe so can some
> malware if something slips through.
>
> What actually happened when I killed the "FPAVServer.exe" process was
> that "fssf.exe" started up, it was this that appeared to restart
> "FPAVServer.exe" and then close itself down. At least it disappeared
> from the list of running processes so I couldn't just close down a
> process tree. FPAVserver's parent process wasn't visible to do that.
>
> In contrast, on my xp desktop when I zapped FPAVServer.exe with
> process explorer, it was gone for good without as much as a complaint.
>
> Incidentally, fssf.exe is located in the main f-prot installation
> directory.
>
> So I would like to know what it is that's available to running
> processes in vista to stop them being zapped which isn't available in
> xp? And also how can I zap something in vista when some invisible
> "minder" type process is immediately restarting it?

Did you try disabling UAC before "zapping"?

-jen


