ESET ServiceScript secrets...

Just curious about how this thing works. I heard that it can remove drivers, services, registry keys etc. If I have some driver which it is only a redundant record in my registry not a physical file on my hard drive, it can be removed by ServiceScript? The same thing for service?

What nodes of ESI Log I need include into ServiceScript for successful removal of drivers, services, files?
etc etc...

So, can you shed more light on this virtual component in malware removal process, can you?

I will apriciate any answers from ESET Staff especially if they're in the positive way.

 

So, silent in this thread sounds like you won't write anything, but why?..

 

Hello,

From ESET SysInspector's online help:

Service Script
Service Script is a tool that serves to provide help to customers that use ESET SysInspector. It is used to remove unwanted objects from the system.

Service Script enables the user to export the entire SysInspector log, or its selected parts. After the export, you can mark unwanted objects for deletion. Then you can run the modified log to delete marked objects.

Service Script is suited for advanced users with previous experience in diagnosing system issues. Unqualified modifications may lead to disabling the operating system.

Example:
If you have a suspicion that your computer is infected by a virus which is not detected by your antivirus program, follow the step-by-step instructions below:

1. Run ESET SysInspector to generate a new system snapshot.
2. Select the first item in the section on the left (in the tree structure), press Ctrl and select the last item to mark all items. Release Ctrl[/FONT.
   [*]Right click the selected objects and select the Export Selected Sections To Service Script context menu option.
   [*]The selected objects will be exported to a new log.
   [*]This is the most crucial step of the entire procedure: open the new log and change the – attribute to + for all objects you want to remove. Please make sure you do not mark any objects required for the correct operation of the system.
   [*]Open ESET SysInspector, click File|Run Service Script and enter the path to your script.
   [*]Click OK to run the script.
   

​

I have highlighted in blue the part of the instructions which explain how to create the script. I have not personally tested removing redundant entries, but I cannot think of any reason that it would not work.

Regards,

Aryeh Goretsky

 

I find using Sysinternals AutoRuns via SysRescue a very effective way to make changes to drivers and auto-start programs. Since Sysinternals added offline support to Autoruns I've been a very happy geek!

 

See page 33 of the EAV/ESS manual for more information on using ESET service scripts.

 

Thank you for replies! What I have to do when I see the message: "There is an error occured while enumerating services" - when I'm trying to delete driver/service, and message: "There is an error occured while enumerating registry keys" while I'm trying to delete registry keys? Is this an intended error or this is some sort of bug?

 

Hard to say, maybe the current user having insufficient permissions to the appropriate reg keys ?

 

Hmm, I'm always running ESI as administrator( I mean with account name 'Administrator' which is by default has full administrating control over the system)

 

That depends on your UAC settings (assuming Vista/W7).

 

Windows XP x86(SP2)