Rogue service will not disappear / cannot remove a program
Hello,
A client of ours has an SBS2008. We recently noticed that the C Drive running out of space. Our investigations led us to the windows\temp drive filling up with random files. Digging down into these files, we found that it was being cause by a piece of software called Desktop Authority by Script Logic.
The client says they have not installed this software nor do they know where it comes from. After a couple of hours or so trying to remove this software, we have hit a brick wall, even after trying to contact the ScriptLogic support hotline. There's nothing under add/remove programs.
There is a service running called DA Remote Management Maintenance Service, which, if stopped and disabled, after a period of time, say an hour, will have enabled and started itself again. If we remove the program files from the program file directory C:\Program Files\RemoteSupportManager
Malware scans do not show anything either.
Any ideas?
A client of ours has an SBS2008. We recently noticed that the C Drive running out of space. Our investigations led us to the windows\temp drive filling up with random files. Digging down into these files, we found that it was being cause by a piece of software called Desktop Authority by Script Logic.
The client says they have not installed this software nor do they know where it comes from. After a couple of hours or so trying to remove this software, we have hit a brick wall, even after trying to contact the ScriptLogic support hotline. There's nothing under add/remove programs.
There is a service running called DA Remote Management Maintenance Service, which, if stopped and disabled, after a period of time, say an hour, will have enabled and started itself again. If we remove the program files from the program file directory C:\Program Files\RemoteSupportManager
Malware scans do not show anything either.
Any ideas?
Worst case scenario you can manually take it out of the registry
http://www.techieshelp.com/remove-a-windows-service-via-registry/
http://www.techieshelp.com/remove-a-windows-service-via-registry/
ASKER
Hello Flyfishing.
The problem is that no actual program functions are visible. It's just the service, and that folder I mentioned above. Along with the few registry entries. Nothing else.
The only reason we were able to determine it was a scriptlogic/desktop authority program was through decifering the log files in the temp folder that were being generated.
The problem is that no actual program functions are visible. It's just the service, and that folder I mentioned above. Along with the few registry entries. Nothing else.
The only reason we were able to determine it was a scriptlogic/desktop authority program was through decifering the log files in the temp folder that were being generated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello
Thanks for this.
Even with the service disabled still files are clogging up the temp folder. The folders generated appears to be the contents of the Program Files folder that it creates called RemoteSupportManager. It's not called that in Temp though, it's a random name. The sort of behaviour you get when you download a file from the internet.
Thanks for this.
Even with the service disabled still files are clogging up the temp folder. The folders generated appears to be the contents of the Program Files folder that it creates called RemoteSupportManager. It's not called that in Temp though, it's a random name. The sort of behaviour you get when you download a file from the internet.
check your startup settings.
You may have something kicking off a process on start.
Try using msconfig.exe to see what is starting on boot.
%SystemRoot%\system32\msco
You may have something kicking off a process on start.
Try using msconfig.exe to see what is starting on boot.
%SystemRoot%\system32\msco
ASKER
it happens even without a reboot
If a process has started and is running in the background, it is likely what is causing the files to spawn. Killing a service will not kill the process. If the process is hidden, it can be generating other processes automatically. the initial process is starting on boot of the server, it needs to be determined where it starts from.
msconfig will show you a list of initial calls and process startups, along with the associated registry entries.
you can also download and utilize : Sysinternals Process Explorer
This will show you all the current processes running on the machine and assist in identifying any rogue elements.
msconfig will show you a list of initial calls and process startups, along with the associated registry entries.
you can also download and utilize : Sysinternals Process Explorer
This will show you all the current processes running on the machine and assist in identifying any rogue elements.
ASKER
Thank you - I will give this suggestion a try OOH this evening and let you know how I got on in the morning. UK Time.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Does this offer any assistance?
This article explains how to completely remove Desktop Authority 7.0 from your domain.
http://na5.salesforce.com/_ui/selfservice/pkb/PublicKnowledgeSolution/d?orgId=00D300000000xmc&id=50170000000PQhv&retURL=%2Fsol%2Fpublic%2Fsolutionbrowser.jsp%3Fcid%3D02n700000001hLU%26orgId%3D00D300000000xmc&ps=1