Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Services.exe 3

Status
Not open for further replies.
rodwf

rodwf

MIS
Sep 20, 2005
85
CA
when booting an Xp computer i get the message:

'Windows cannot find '\services.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search'

When i shut the computer down i get the blue screen of death stating windows encountered an error and is shutting down windows to save the computer from any corruption, although i was shutting it down anyway.

Done a search for services.exe and found it in:
c:\i386
c:\windows\ServicePackFiles\i386
c:\windows\system32\dllcache
c:\windows\system32

Can anyone help me out with why i'm getting this message and blue screen?
 
Sort by date Sort by votes
had a virus scan yesterday and it did find a trojan and was deleted. I've ran msconfig and found under run the \services.exe and unchecked it, rebooted and still got the same message.
 
Upvote 0 Downvote
Hi,
Follow the steps here to eliminate all registry entries that cause windows to try and start the 'phony' one. (msconfig only handles the ones shown in blue]


[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Upvote 0 Downvote
Looked up that site windowsxp.mvps.org, searched through the registry entries where the site had said and didn't find any entries for '\services.exe', also tried a search in the registry and that also came up with nothing.
 
Upvote 0 Downvote
something else i've noticed, i thought i'd try a system restore but when clicking on next to start the restore nothing happens.
 
Upvote 0 Downvote
Can you start the machine in Safe Mode and run your virus scans from within that? See if System restore works from Safe Mode too.

You might like to add these to your arsenal.

SuperAntispyware

Malwarebytes' Anti-Malware

Perhaps you might have encountered a rootkit infection, these things tend to hide from Windows and tend to replace infected files as soon as they are removed by anti malware software. I hope I am wrong.

RootkitRevealer v1.71

Why does Task Manager, MSCONFIG, or REGEDIT disappear while opening?
 
Upvote 0 Downvote
Tried using RootkitRevealer and on install i get a popup message:

Unable to install RootkitRevealer service. This service did not respond to the start or control request in a timely fashion.

Any ideas what i'm doing wrong?
 
Upvote 0 Downvote
Take a look at GMER:


before you use GMER to delete anything that it thinks is a ROOTKIT, do a LOG and post it here for our discernment...

reason: some hooks that gmer detects are legit and killing these can kill a legit application...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Upvote 0 Downvote
Another problem with malware is that the payload often carries a list of programs that it prevents from running or installing. A way around this is to physically change the file name of the program you are wishing to install and or run.

If it all gets too hard, backup your valuable data, reformat, and reinstall XP. In future make sure you are not surfing on the Internet as an Administrator, a Limited User is the way to go for day to day running of a machine.
 
Upvote 0 Downvote
Linney,

I was just going to post here that i'd installed malwarebytes anti-malware but it wouldn't run, also hijackthis wouldn't run. I booted to safemode and the same message popped up stating \services.exe couldn't be found, tried restore and that wouldn't work. is there a way to run an anti virus program before anything else boots?
 
Upvote 0 Downvote
When you say physically change the file name of the program i wish to run, do you refer to renaming the exe of the program?
 
Upvote 0 Downvote
Change the setup of MBAM.exe to Fred.exe, after it installs change the installed name MBAM.exe to Fred.exe in the program files folder, you get the picture, it is blocked if you use the official name. It will make life easier for you if you are not hiding known file extensions in Folder Options/ View.

Even if these programs eventually run, what usually happens is that they find the malware, say that they have removed it, but often it is back next scan. What I find helpful in that situation is that they at least identify the files concerned. Recently I have seen a lot of files like this that begin with "UAC" something or other. In those circumstances Windows is unable to see such files because they are super hidden from it. What I find works in such instances is to get out of the Windows environment (perhaps via BARTPE which sees the hidden files, usually in the System32 folder) and manually remove the offending files.

BartPE (a mini XP self contained on a bootable CD and run from CD).
 
Upvote 0 Downvote
Excellent, Thanks Linney, i'll take a look at Bartpe.
 
Upvote 0 Downvote
Your problem may be more serious if the malware payload is targeting Services.exe itself and preventing that from running. Hopefully it is not, and I'm not sure MalwareBytes or Hijack This have any need for Services to run, but I could be wrong there? God only knows what would happen if you start renaming Windows System files like Services.exe to Fred.exe.
 
Upvote 0 Downvote
Hi,
Just a note: Whenever cleaning out a virus/trojan/etc be sure you run the Anti-virus program with System Restore turned OFF....Otherwise the file may come back on the reboot.
( Turn it back on as soon as you know the bad guy is gone..)


[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Upvote 0 Downvote
If you do use BartPE in the end to delete malware, remember to hold the Shift key down otherwise they just get put into the Recycle Bin of the drive concerned. If they end up there they will show up in the next malware scan but should be more easily removed by the scanner program from the Recycle Bin.
 
Upvote 0 Downvote
Two AntiViral Solutions that BOOT from CD/DVD (and leave the installed OS out of the picture):

Dr. Web LiveCD

Avira AntiVir Rescue System



Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
Upvote 0 Downvote
Cheers BadBigBen, i'll take a look at those also and thanks Ben but i don't have a sledgehammer!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

flw
  • Locked
  • Question
services.exe is killing my win2k box
Replies
1
Views
29
chipk
chipk
tucansam
  • Locked
  • Question
services.exe 100% cpu (old issue i know)
Replies
6
Views
56
wolluf
wolluf
gmail2
  • Locked
  • Question
services.exe crashes, possibly caused by local polciy?
Replies
2
Views
24
gmail2
gmail2
NADIAZIPPER
  • Locked
  • Question
Services.exe not working
Replies
7
Views
74
firewolfrl
firewolfrl
xkjdhdg
  • Locked
  • Question
Services.exe Application Error - The application failed to utilize pro
Replies
2
Views
27
xkjdhdg
xkjdhdg

Part and Inventory Search

Sponsor

Back
Top