ESET ServiceScript secrets...

Discussion in 'ESET NOD32 Antivirus' started by Nerimash, Nov 13, 2010.

Thread Status:
Not open for further replies.
  1. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    Just curious about how this thing works. I heard that it can remove drivers, services, registry keys, etc. If I have a driver that is only a redundant record in my registry, not a physical file on my hard drive, can it be removed by ServiceScript? The same thing for a service?

    Which nodes of the ESI log do I need to include in the ServiceScript for successful removal of drivers, services, files?
    etc etc...

    So, can you shed more light on this virtual component in the malware removal process?

    I will appreciate any answers from ESET Staff, especially if they're in a positive way.
     
    Last edited: Nov 13, 2010
  2. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    So, the silence in this thread sounds like you won't write anything, but why?..
     
  3. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    From ESET SysInspector's online help:

    Service Script
    Service Script is a tool that serves to provide help to customers that use ESET SysInspector. It is used to remove unwanted objects from the system.

    Service Script enables the user to export the entire SysInspector log, or its selected parts. After the export, you can mark unwanted objects for deletion. Then you can run the modified log to delete marked objects.

    Service Script is suited for advanced users with previous experience in diagnosing system issues. Unqualified modifications may lead to disabling the operating system.

    Example:
    If you have a suspicion that your computer is infected by a virus which is not detected by your antivirus program, follow the step-by-step instructions below:

    1. Run ESET SysInspector to generate a new system snapshot.
    2. Select the first item in the section on the left (in the tree structure), press Ctrl and select the last item to mark all items. Release Ctrl.
    3. Right click the selected objects and select the Export Selected Sections To Service Script context menu option.
    4. The selected objects will be exported to a new log.
    5. This is the most crucial step of the entire procedure: open the new log and change the attribute to + for all objects you want to remove. Please make sure you do not mark any objects required for the correct operation of the system.
    6. Open ESET SysInspector, click File|Run Service Script and enter the path to your script.
    7. Click OK to run the script.

    I have highlighted in blue the part of the instructions which explains how to create the script. I have not personally tested removing redundant entries, but I cannot think of any reason that it would not work.

    Regards,

    Aryeh Goretsky
     
    Last edited: Nov 22, 2010
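
A pre-run check for the "most crucial step" in the help text quoted above, as an added example that is not part of the thread or of ESET's own tooling: it compares the edited script with the original export and reports exactly which entries were switched to `+`, plus any line that changed in some other way. The file layout (numbered section headers, `-`/`+` entry prefixes), the function name `review` and the sample data are assumptions.

```python
import re

# Assumption (the thread does not show the file): numbered section headers such
# as "07) Services:" followed by one entry per line, prefixed "-" (keep) or "+"
# (remove). Adjust SECTION_RE if your export looks different.
SECTION_RE = re.compile(r"^\d{2}\)\s*(.+?):?\s*$")

# Constructed sample export; every name and path below is made up.
EXPORTED = """\
01) Running processes:
- C:\\Windows\\system32\\example_ok.exe
- C:\\Temp\\example_other.exe
07) Services:
- Name: Example Leftover Service, exe path: c:\\missing\\leftover.exe
08) Drivers:
- Name: Example Disk Driver, exe path: c:\\windows\\system32\\drivers\\exdisk.sys
- Name: Example Leftover Driver, exe path: c:\\missing\\leftover.sys
"""

def review(exported_text, edited_text):
    """Compare the edited script with the original export, line by line.

    Returns (marked, unexpected): entries switched from '-' to '+', grouped by
    section title, and the line numbers that changed beyond the marker.
    """
    marked, unexpected, section = {}, [], "<no section>"
    exported, edited = exported_text.splitlines(), edited_text.splitlines()
    if len(exported) != len(edited):
        raise ValueError("line count differs; re-export and edit markers only")
    for number, (old, new) in enumerate(zip(exported, edited), start=1):
        old, new = old.strip(), new.strip()
        header = SECTION_RE.match(new)
        if header and old == new:
            section = header.group(1)          # untouched section header
        elif old[:1] == "-" and new[:1] == "+" and old[1:] == new[1:]:
            marked.setdefault(section, []).append(new[1:].strip())
        elif old != new:
            unexpected.append(number)          # text edited, not just the marker
    return marked, unexpected

if __name__ == "__main__":
    # Simulate marking the two leftover entries for removal.
    edited = EXPORTED.replace("- Name: Example Leftover", "+ Name: Example Leftover")
    marked, unexpected = review(EXPORTED, edited)
    for title, entries in marked.items():
        for entry in entries:
            print(f"[{title}] will be removed: {entry}")
    print("lines changed beyond the marker:", unexpected or "none")
```
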
  4. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    I find using Sysinternals AutoRuns via SysRescue a very effective way to make changes to drivers and auto-start programs. Since Sysinternals added offline support to Autoruns I've been a very happy geek!
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    See page 33 of the EAV/ESS manual for more information on using ESET service scripts.
     
  6. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    Thank you for the replies! What do I have to do when I see the message "There is an error occured while enumerating services" when I'm trying to delete a driver/service, and the message "There is an error occured while enumerating registry keys" while I'm trying to delete registry keys? Is this an intended error, or is this some sort of bug?
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hard to say, maybe the current user has insufficient permissions to the appropriate reg keys?
     
  8. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    Hmm, I'm always running ESI as administrator (I mean with the account name 'Administrator', which by default has full administrative control over the system).
     
  9. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    That depends on your UAC settings (assuming Vista/W7).
     
  10. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    Windows XP x86 (SP2)
     