Zapping F-Prot service with Process Explorer


James Egan

Hello again all, (well, nearly all) :)

In yet another failed attempt to install Vista SP1 on my Dell Inspiron
I got sidetracked onto another issue.

I tried killing the process FPAVServer.exe with Process Explorer but
it was immediately restarted and I couldn't kill it. Not a bad trait,
I know, but if F-Prot can avoid being killed then maybe so can some
malware if something slips through.

What actually happened when I killed the "FPAVServer.exe" process was
that "fssf.exe" started up; it was this that appeared to restart
"FPAVServer.exe" and then close itself down. At least it disappeared
from the list of running processes so I couldn't just close down a
process tree. FPAVServer's parent process wasn't visible to do that.

In contrast, on my XP desktop when I zapped FPAVServer.exe with
Process Explorer, it was gone for good without as much as a complaint.

Incidentally, fssf.exe is located in the main F-Prot installation
directory.

So I would like to know what it is that's available to running
processes in Vista to stop them being zapped which isn't available in
XP? And also how can I zap something in Vista when some invisible
"minder" type process is immediately restarting it?

TIA


Jim
 
| So I would like to know what it is that's available to running
| processes in Vista to stop them being zapped which isn't available in
| XP? And also how can I zap something in Vista when some invisible
| "minder" type process is immediately restarting it?

| TIA


| Jim


net stop <service_name>
sc stop <service_name>

Ultimately, it's not the service I want to stop though, Dave, it's the
program which keeps restarting it. My use of F-Prot was just the
example which brought it to my attention. I suspect any malware using
the same technique might not have such an entry in the services list.


Jim.
 
James Egan said:
Hello again all, (well, nearly all) :)

In yet another failed attempt to install Vista SP1 on my Dell Inspiron
I got sidetracked onto another issue.

I tried killing the process FPAVServer.exe with Process Explorer but
it was immediately restarted and I couldn't kill it. Not a bad trait,
I know, but if F-Prot can avoid being killed then maybe so can some
malware if something slips through.

What actually happened when I killed the "FPAVServer.exe" process was
that "fssf.exe" started up; it was this that appeared to restart
"FPAVServer.exe" and then close itself down. At least it disappeared
from the list of running processes so I couldn't just close down a
process tree. FPAVServer's parent process wasn't visible to do that.

In contrast, on my XP desktop when I zapped FPAVServer.exe with
Process Explorer, it was gone for good without as much as a complaint.

Incidentally, fssf.exe is located in the main F-Prot installation
directory.

So I would like to know what it is that's available to running
processes in Vista to stop them being zapped which isn't available in
XP? And also how can I zap something in Vista when some invisible
"minder" type process is immediately restarting it?

Did you try disabling UAC before "zapping"?

-jen
 
Did you try disabling UAC before "zapping"?

-jen

Yes. UAC got permanently disabled very early on. I'd rather have the
added risk than the persistent hassle.



Jim.
 
James Egan said:
Yes. UAC got permanently disabled very early on. I'd rather have the
added risk than the persistent hassle.

Then maybe Windows Defender is thwarting your efforts?

-jen
 