Strange Services

[Guest]

Services.msc and i found some strange Services this morning. Installed SP2
couple of days ago. These Services are set disabled or manual by default and
can not be started, no path to executable attached to it and no dependencies.
They are also listed in registry under:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
and
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services

The Strange Services are:
Asntamvlwch (Manual)
Gpapis (Disabled)
I2comln (Diasabled)
Mraidekvwar (Manual)
Ndiiasrna (Manual)


They are also listed in Registry under Root... Legacy_Driver
Googled and nothing came up, so my question is:

Where they come from and how to get rid of them from the Services list?

Thank you in advance
Arman,

 

[Ed Hansen]

Hi Arman,

Yea! someone with the same problem as me. I too have 5 strange
services running (like yours gibberish names, no path to executable,
some disabled, etc.)

Unfortunately, I don't know what they are or what to do about them.
I think they have something to do with Adobe product activation. (do
you have any Adobe or other products that use macrovision safecast
copy protection?)

If this is not the case, then I'm really worried about this. At one
point I disabled them all and deleted them from the registry. When I
started Photoshop it told me my system changed and I needed to
re-activate. But maybe just removing these services made adobe think
my system had changed and they have nothing to do with adobe.
Let me know if I'm right or if you find out anything else about this.

Ed

 

[soutine]

Hi Arman- it's Ed,
I'm glad I finally found someone to talk to about this.
I posted a question like your original on every forum from adobe t
winguides and nobody knows anything. Standard reply 'run adaware'

What's driving me nuts is that not everyone who has activated adobe ha
this problem (or maybe they havent looked). So it must also hav
something to do with our configuration (like having manually disable
some services, maybe remote registry?)

I installed PSCS on my son's computer just to see what would happen
When installation was complete he had a couple of these weirdy thing
running, but upon reboot, they disappeared. That's probably the wa
it's supposed to work. Periodically one will show up, but disappears o
reboot too.

I deleted these things from the registry and they just come back wit
different gibberish names. If you run 'services.msc' and manuall
disable one, after a time, you'll have to re-activate. Then mor
show-up. And the old ones stay. Maybe my doing this is what threw th
whole process out-of-whack.

BTW mine showup in msconfig. Anyway keep me posted on any progress.

Ed.

PS I'm only 99.9% sure they're coming from adob


-
soutin

 

[cquirke (MVP Win9x)]

On Sat, 4 Sep 2004 23:30:32 -0500, soutine

I'm glad I finally found someone to talk to about this.
I posted a question like your original on every forum from adobe to
winguides and nobody knows anything. Standard reply 'run adaware'

Alas, some commercial malware won't be detected even by tools
dedicated to detecting commercial malware.

Apart from the Day Zero effect, the reasons include legal pressure (av
and anti-cm vendors have bowed down to this in the past, removing
detection after the commercial authors litigated) and the "special"
case of DRM and its brother, Product Activation.

Both DRM and Product Activation are malware, in the sense that:
- they may take action that is hostile to the user
- they exist on the system by stealth
- details are undocumented by the vendor

Try to avoid being forced to tolerate malware on your PC. It's
difficult enough keeping a PC running properly and clean of hostile
code, without having to defer to obligatory malware.

What's driving me nuts is that not everyone who has activated adobe has
this problem (or maybe they havent looked). So it must also have
something to do with our configuration (like having manually disabled
some services, maybe remote registry?)

I installed PSCS on my son's computer just to see what would happen.
When installation was complete he had a couple of these weirdy things
running, but upon reboot, they disappeared. That's probably the way
it's supposed to work. Periodically one will show up, but disappears on
reboot too.

I deleted these things from the registry and they just come back with
different gibberish names. If you run 'services.msc' and manually
disable one, after a time, you'll have to re-activate. Then more
show-up. And the old ones stay. Maybe my doing this is what threw the
whole process out-of-whack.

The above scenario is indistinguishable from unrecognised malware
attack, because it *is* an unrecognised malware attack. And as long
as the vandor behind the Product Activation malware refuses to
document thier malware, you can't whitelist it and thus exclude the
possibility that it's some other malware you don't want to accept.

PS I'm only 99.9% sure they're coming from adobe

If Adobe are forcing you to accept randomly-generated file names (thus
making it impossible to exclude thier malware from detection as new
and unwanted malware), that should earn them a ferocious butt-kicking.

--------------- ----- ---- --- -- - - -

Tech Support: The guys who follow the
'Parade of New Products' with a shovel.