XPenvironment??

  • Thread starter Thread starter RM-admin
  • Start date Start date
R

RM-admin

Guest
OS: Win2000SrvSP4 single domain/DC XPProSP2 and Win2KPro clients

Issue: under services there is a service called XPenvironment resdiding at
c:\winnt\system32\microsoft\protect\s-1-5-18\userx\services.exe
/name:"XPenvironment"

/start:"environment.exe" but it is not actual path, so it cannot be started

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 11/27/2007
Time: 2:19:43 PM
User: N/A
Computer: VADER
Description:
The XPenvironment service failed to start due to the following error:
The system cannot find the path specified.



Cannot find any reference to this service online.
What is this service and is it needed?
Is this a MS service or an exploit?
What steps are needed to correct or remove this service (presently disabled)?
Is this why AD is not showing XP asynchronous logon?
 
Re: XPenvironment??

RM-admin wrote:

> OS: Win2000SrvSP4 single domain/DC XPProSP2 and Win2KPro clients
> Issue: under services there is a service called XPenvironment resdiding at
> c:\winnt\system32\microsoft\protect\s-1-5-18\userx\services.exe
> /name:"XPenvironment"
> /start:"environment.exe" but it is not actual path, so it cannot be started


You mean that there is no files left in location that is shown above?

> Event Type: Error
> Event Source: Service Control Manager
> Event Category: None
> Event ID: 7000
> Date: 11/27/2007
> Time: 2:19:43 PM
> User: N/A
> Computer: VADER
> Description:
> The XPenvironment service failed to start due to the following error:
> The system cannot find the path specified.
> Cannot find any reference to this service online.
> What is this service and is it needed?
> Is this a MS service or an exploit?


AFAIC this seems to be some malware entries.

> What steps are needed to correct or remove this service (presently disabled)?


To remove a service you must find its subkey located in registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and delete it.
At the end delete all files from the disk - if there are any left. ;-)
Before making any changes with services I advice to make a backup of the
registry - for instance using free utility ERUNT.

> Is this why AD is not showing XP asynchronous logon?


IMO this is not the cause.

--
Regards
Arkadiusz 'Black Fox' Artyszuk
 
Back
Top