Guest RM-admin
Posted November 28, 2007

OS: Win2000SrvSP4 single domain/DC XPProSP2 and Win2KPro clients

Issue: under services there is a service called XPenvironment residing at
c:\winnt\system32\microsoft\protect\s-1-5-18\userx\services.exe
/name:"XPenvironment"
/start:"environment.exe" but it is not an actual path, so it cannot be started

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 11/27/2007
Time: 2:19:43 PM
User: N/A
Computer: VADER
Description:
The XPenvironment service failed to start due to the following error:
The system cannot find the path specified.

Cannot find any reference to this service online.
What is this service and is it needed?
Is this a MS service or an exploit?
What steps are needed to correct or remove this service (presently disabled)?
Is this why AD is not showing XP asynchronous logon?

Guest Arkadiusz 'Black Fox' Artyszuk
Posted November 30, 2007

Re: XPenvironment??

RM-admin wrote:
> OS: Win2000SrvSP4 single domain/DC XPProSP2 and Win2KPro clients
> Issue: under services there is a service called XPenvironment residing at
> c:\winnt\system32\microsoft\protect\s-1-5-18\userx\services.exe
> /name:"XPenvironment"
> /start:"environment.exe" but it is not an actual path, so it cannot be started

You mean that there are no files left in the location that is shown above?

> Event Type: Error
> Event Source: Service Control Manager
> Event Category: None
> Event ID: 7000
> Date: 11/27/2007
> Time: 2:19:43 PM
> User: N/A
> Computer: VADER
> Description:
> The XPenvironment service failed to start due to the following error:
> The system cannot find the path specified.
> Cannot find any reference to this service online.
> What is this service and is it needed?
> Is this a MS service or an exploit?

AFAIC this seems to be some malware entries.

> What steps are needed to correct or remove this service (presently disabled)?

To remove a service you must find its subkey located in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and delete it. At the end, delete all files from the disk - if there are any left. ;-)

Before making any changes to services I advise making a backup of the registry - for instance using the free utility ERUNT.

> Is this why AD is not showing XP asynchronous logon?

IMO this is not the cause.

--
Regards
Arkadiusz 'Black Fox' Artyszuk
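
An added example (not part of either post above): a Python check that applies what this thread observes, a service binary named services.exe sitting under a Microsoft\Protect data directory, to a set of service ImagePath values read from the Services registry key. The binary-name list, the directory markers and every sample entry other than the XPenvironment path quoted from the question are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: short illustrative list of core Windows binaries that
# legitimately live directly in %SystemRoot%\system32 (not exhaustive).
CORE_BINARIES = {"services.exe", "lsass.exe", "svchost.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}
# Assumption: directories that hold data rather than service binaries.
DATA_DIR_MARKERS = ("\\microsoft\\protect\\", "\\temp\\", "\\recycler\\")

def executable_of(image_path):
    """Return the lower-cased executable path from a service ImagePath."""
    value = image_path.strip()
    if not value:
        return ""
    if value.startswith('"'):            # "C:\dir with space\x.exe" args
        return value[1:].split('"', 1)[0].lower()
    # Unquoted: take everything up to the first executable extension.
    match = re.match(r"(.+?\.(?:exe|sys|com|bat|cmd))(?=\s|$)", value, re.I)
    return (match.group(1) if match else value.split()[0]).lower()

def findings(image_path):
    """List the reasons an ImagePath looks out of place (empty if none)."""
    exe = executable_of(image_path)
    directory, binary = ntpath.split(exe)
    found = []
    if binary in CORE_BINARIES and not directory.endswith("\\system32"):
        found.append("system binary name outside system32")
    if any(marker in exe for marker in DATA_DIR_MARKERS):
        found.append("binary in a data directory")
    return found

def audit(services):
    """Map service name -> findings, keeping only services with findings."""
    return {name: f for name, path in services.items() if (f := findings(path))}

# First entry is the command line quoted in the question; the rest are
# constructed sample values.
SAMPLE = {
    "XPenvironment": r'c:\winnt\system32\microsoft\protect\s-1-5-18\userx'
                     r'\services.exe /name:"XPenvironment" /start:"environment.exe"',
    "Spooler": r"C:\WINNT\system32\spoolsv.exe",
    "RpcSs": r"%SystemRoot%\system32\svchost.exe -k rpcss",
    "ExampleAgent": r'"C:\Program Files\Example Agent\agent.exe" /service',
}

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```

A flagged entry is a prompt to inspect the subkey and the file on disk, not proof of compromise on its own.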