Zapping f-prot service with process explorer

James Egan

Hello again all, (well, nearly all) :)

In yet another failed attempt to install Vista SP1 on my Dell Inspiron
I got sidetracked onto another issue.

I tried killing the process FPAVServer.exe with Process Explorer but
it was immediately restarted and I couldn't kill it. Not a bad trait,
I know, but if F-Prot can avoid being killed then maybe so can some
malware if something slips through.

What actually happened when I killed the "FPAVServer.exe" process was
that "fssf.exe" started up; it was this that appeared to restart
"FPAVServer.exe" and then close itself down. At least it disappeared
from the list of running processes so I couldn't just close down a
process tree. FPAVServer's parent process wasn't visible to do that.

In contrast, on my XP desktop when I zapped FPAVServer.exe with
Process Explorer, it was gone for good without as much as a complaint.

Incidentally, fssf.exe is located in the main F-Prot installation
directory.

So I would like to know what it is that's available to running
processes in Vista to stop them being zapped which isn't available in
XP? And also how can I zap something in Vista when some invisible
"minder" type process is immediately restarting it?

TIA


Jim
 
James Egan

| So I would like to know what it is that's available to running
| processes in Vista to stop them being zapped which isn't available in
| XP? And also how can I zap something in Vista when some invisible
| "minder" type process is immediately restarting it?

| TIA


| Jim


net stop <service_name>
sc stop <service_name>

Ultimately, it's not the service I want to stop though, Dave, it's the
program which keeps restarting it. My use of F-Prot was just the
example which brought it to my attention. I suspect any malware using
the same technique might not have such an entry in the services list.


Jim.
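
One way to see what is hosting a process and what could be bringing it back, as an added example that is not part of the thread. The process name is the one from the posts above; the script only reads process and service information with standard Windows tooling (`Get-CimInstance`, `sc.exe qfailure`) and assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): show what hosts a process and what
# could be bringing it back. Needs PowerShell 3.0+ for Get-CimInstance.
$name = 'FPAVServer.exe'   # process name from the thread; change as needed

$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$name'")
if ($procs.Count -eq 0) { Write-Warning "$name is not running"; return }

foreach ($p in $procs) {
    # The parent PID is recorded when the process is created. The parent may
    # have exited since (a short-lived launcher), and its PID may have been
    # reused, so only trust a parent that started before the child did.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

    [pscustomobject]@{
        Process    = $p.Name
        PID        = $p.ProcessId
        Path       = $p.ExecutablePath      # may be empty when not elevated
        Started    = $p.CreationDate
        ParentPID  = $p.ParentProcessId
        ParentName = if ($parent) { $parent.Name } else { '(exited or PID reused)' }
        ParentPath = if ($parent) { $parent.ExecutablePath } else { $null }
    } | Format-List

    # A process that is a service host is restarted by whatever the service
    # configuration says, so list every service running inside this PID.
    $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $($p.ProcessId)")
    if ($services.Count -eq 0) {
        Write-Output "No service is hosted in PID $($p.ProcessId)."
        continue
    }
    foreach ($s in $services) {
        $s | Format-List Name, DisplayName, StartMode, State, PathName
        # Recovery (failure) actions configured for the service, including
        # any program set to run when the service fails.
        sc.exe qfailure $s.Name
    }
}
```

Run it from an elevated prompt so that executable paths of processes owned by other accounts are populated. A process with no hosting service and no surviving parent is the case worth investigating further.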
 
jen

James Egan said:
| Hello again all, (well, nearly all) :)
|
| In yet another failed attempt to install Vista SP1 on my Dell Inspiron
| I got sidetracked onto another issue.
|
| I tried killing the process FPAVServer.exe with Process Explorer but
| it was immediately restarted and I couldn't kill it. Not a bad trait,
| I know, but if F-Prot can avoid being killed then maybe so can some
| malware if something slips through.
|
| What actually happened when I killed the "FPAVServer.exe" process was
| that "fssf.exe" started up; it was this that appeared to restart
| "FPAVServer.exe" and then close itself down. At least it disappeared
| from the list of running processes so I couldn't just close down a
| process tree. FPAVServer's parent process wasn't visible to do that.
|
| In contrast, on my XP desktop when I zapped FPAVServer.exe with
| Process Explorer, it was gone for good without as much as a complaint.
|
| Incidentally, fssf.exe is located in the main F-Prot installation
| directory.
|
| So I would like to know what it is that's available to running
| processes in Vista to stop them being zapped which isn't available in
| XP? And also how can I zap something in Vista when some invisible
| "minder" type process is immediately restarting it?

Did you try disabling UAC before "zapping"?

-jen
 
James Egan

| Did you try disabling UAC before "zapping"?
|
| -jen

Yes. UAC got permanently disabled very early on. I'd rather have the
added risk than the persistent hassle.



Jim.
 
jen

James Egan said:
| Yes. UAC got permanently disabled very early on. I'd rather have the
| added risk than the persistent hassle.

Then maybe Windows Defender is thwarting your efforts?

-jen
 
