holio

System problem after quarantining services.exe [Resolved]

Hello,

I'm looking for some help with a system recovery after I quarantined a vital system file. I know that was a very stupid thing to do, and I've since read all the stickies about not doing exactly that... horse bolted and all that.

Anyway, A-Squared detected what appears in hindsight to be a false positive (Trojan.Win32.Patched.aa!A2) at C:\Windows\System32\services.exe, and a few other locations all relating to the services.exe file. Stupidly I quarantined them all and instantly got a message saying Windows had experienced an error and needed to shut down.

Having done a bit of research on these forums, I went down the route of creating a Linux Live CD (Ubuntu), and tried to manually reinstall the quarantined files to their original locations. Unfortunately this hasn't worked and I still get the same 'start-up recovery' when I try to launch Windows. I can't get safe mode to run, and no system restore or similar such 'repair' options seem to work.

Any suggestions as where to go from here would be enormously appreciated.

It's an Acer PC running Vista, which doesn't appear to have a Windows disc or any recovery disc with it. I should add, in an attempt to retain a tiny bit of respect, that this is not my PC, and I was merely looking over it for someone even less competent than myself.

Many thanks in advance.

Hello Lynx,

Thanks for the response.

Yes, if I leave the start-up repair to run its course, I eventually get an option to try various things such as the last known good configuration, system restore, or a complete repair from backup disc, and various memory tests etc - what generally happens when I try any of these is that after a period of trying to start-up, the computer reboots and returns to the start-up repair page. Back to square one essentially. I am able to use the command prompt at this point.

The system restore option says it could find no restore points.

I have one disc labelled 'Acer Blank Recovery DVD', which looked promising, but unfortunately when I tried to restore from it I got a message saying it wasn't a valid recovery disc.

If I try to start in any variant of safe mode, it appears to work up to a point until a blue screen with quite a lot of text flashes up (too fast to read anything) and the computer reboots.

I am able to use the Ubuntu method to gain access to the computer, but as I described earlier this hasn't yet solved the problem.

Regards.

holio,

With the live CD you could see the \Quarantine\ folder and its content, but the files inside <>.A2Q are encrypted, so what did you mean when you said:

... tried to manually reinstall the quarantined files to their original locations...

Those files could be restored by a2 itself, when it's working.

Please be more specific about the procedure because I am not sure what and how you ... “reinstall”

Was the said file the only file flagged and quarantined?

Do you have any AV that could flag/quarantine something else as well?

If you cannot remember what else was quarantined, but you can see <>.A2Q and <>.db3 files, probably you can send those to EMSI as in this case, which most likely you were reading.

My regards

Hi Lynx,

Using Ubuntu I am able to access c:\Program Files\a-squared Free\Quarantine\

In the \Quarantine\ folder are three .A2Q zip folders.

It seemed the obvious task was to un-quarantine the items, but I was unable to run the a-squared program using the normal executable file in Ubuntu, so instead I tried the 'manual reinstall' I spoke of earlier, which involved extracting the contents of the three folders above, and cutting and pasting the contents back to their original locations.

All extracted .A2Q folders contained an info.txt file, which was unreadable due to a 'character coding error', and a folder containing the target item. These were respectively:

1) Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

2) Windows\winsxs\backup\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56_services.exe_abfc33da

3) Windows\System32\services.exe

As I mentioned earlier, my 'manual reinstall' was just to move these files back to their original respective locations, but I'm assuming now that it's not as straightforward as that?

The PC in question also uses AVG anti-virus, which had just returned a clean scan prior to running the a-squared scan.

Thanks again for the help so far.

Holio.
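
Added example (not part of the original thread, and not Emsisoft's code): a sanity check that can be run from the Ubuntu live session on a file before it is copied back over services.exe. It parses the PE headers and checks for a 32-bit, non-DLL executable, matching the x86 component paths listed above; given Lynx's statement that the quarantine contents are encrypted, a file pulled straight out of an .A2Q container would be expected to fail it. The function names and the sample header bytes are constructed for illustration.

```python
import struct
import sys

MACHINES = {0x014C: "x86", 0x8664: "x64"}
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000


def inspect_pe(data: bytes) -> dict:
    """Parse DOS + COFF headers; raise ValueError if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ (DOS) header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if e_lfanew + 24 > len(data):
        raise ValueError("PE header offset points past end of file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, sections, _, _, _, _, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": sections,
        "executable": bool(flags & IMAGE_FILE_EXECUTABLE_IMAGE),
        "dll": bool(flags & IMAGE_FILE_DLL),
    }


def plausible_services_exe(data: bytes, expect_machine: str = "x86") -> bool:
    """True only for a non-DLL executable image of the expected architecture."""
    try:
        info = inspect_pe(data)
    except ValueError:
        return False
    return info["executable"] and not info["dll"] and info["machine"] == expect_machine


def constructed_header(machine: int = 0x014C, flags: int = 0x0102) -> bytes:
    """Constructed sample: the smallest header this parser accepts, not a real file."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHIIIHH", machine, 4, 0, 0, 0, 0xE0, flags)


if __name__ == "__main__":
    for path in sys.argv[1:]:  # paths of the extracted services.exe candidates
        with open(path, "rb") as fh:
            head = fh.read(4096)
        print(path, "->", "plausible PE" if plausible_services_exe(head) else "NOT a valid PE")
```

A pass here only means the headers are well-formed; it says nothing about whether the file is the original, unmodified system binary.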

Holio,

As suggested it's better to send those mentioned files @ address posted in the referred thread

My regards
