I have recently installed a program that deploys an agent which "protects" from peripherals. What it actually does at this point is to block any kind of media I plug to my PC.
I've done some checking and I found the name of this service blocking my peripherals. So, naturally, I've tried stopping it.
First I tried the sc stop, but I was denied the access. Trying to do it by services.msc will result in not even giving me the priviledge to use stop on that service. Same response from taskkill: Access denied... Then I figured I'd try net stop resulting with the 2191 message which if I try net helpmsg 2191 does not give any information. I then decided to surf Superuser and found out about these pstools. But as soon as I try to do the cmd switch with psexec -s cmd I get the message:
Couldn't install PsExec service: access is denied.
Strangely, if I try to use just psexec it does prompt me with the help info. So this was a dead end again.
After all these fails I have decided to just remove it from startup right? So I open msconfig and remove the service from startup, save and finally reboot. Unfortunately, when PC reboots so does the service. By the time I can access the task manager the service is already running, again. Can't really imagine how though.
All these access failures made me think I might not have the required privileges or something, but my user account is set as administrator so I think there's nothing more I can do.
Answer
Many security software installs a special driver that intercepts any changes to its services and processes.
However, the driver is normally not loaded in Safe Mode, so you can disable the service there. If the service is still started after reboot, you may want to find and disable the driver in Device Manager. This kind of driver is normally under the "Non-plug and play drivers" section which is viewable by selecting "Show hidden devices" from the View menu. The name of the driver is normally well-known for each provider.
No comments:
Post a Comment