stop services in windows 2k/Xp

[lepricaun]

hi guys,

i was wondering, is it possible to stop services that can't be stopped on the normal way?
i.e. the "server" service can be stopped via the gui and commandline with "net stop server".
the "Security Accounts Manager" or RPC are important system services, they can't be stopped like this.

but on my system i have an nvidia card with nvidia drivers and it also creates an unstoppable service like this. therefore i was wondering if it is possible to stop it anyway, this also goes for the RPC service, SAM , service etc... although it isn't intended to be possible via normal ways...

of course i can select disable, so it won't start up at next boot, but i just wanted to know if it is possible to stop them while running windows...

[SirDice]

You could simply kill the process..but some of these processes are monitored by windows. If windows detects they're down it will reboot the system (LSASS exploit, crashes rpc, system reboots).

[akshayakrsh]

whenever ther's RPC call, n ur computer starts getting shutdown. go to run in start menu n type there - shutdown -a over there enter key, that's it!
best of luck

[lepricaun]

yes ok, but sometimes these services aren't shown in the taskmgr, or if they are, and you try to kill them, you get access denied, this happens often with MCaffee, Norton, and other virusscanners...

and to be so powerless to these processes, to have no control over them, really pisses me off!

b.t.w., you get "access denied" when logged in as admin, even when you make sure the taskmgr runs with system rights.. that's what bothers me, cause if this is so easy to create for a software producent like MCaffee, wouldn't it be also easy to do for someone with more evil intentions???

(please don't tell me to run linux to get full control, i already do, but that doesn't change the fact that i don't like the above problem)

[DeadAddict]

I would take a look at blackvipers service configuration table on what is safe to turn off and what needs to be left running, unless you want to take the road of trial and error like he did when creating this chart.
http://www.blackviper.com/WinXP/servicecfg.htm

[dspeidel]

Originally posted here by SirDice
You could simply kill the process..but some of these processes are monitored by windows. If windows detects they're down it will reboot the system (LSASS exploit, crashes rpc, system reboots).

I had great success using pskill from www.sysinternals.com (at least once I forced an unplanned reboot). I've also heard good things about prkill but I have not yet had a chance to evaluate it.

Cheers,
-D

[SDK]

Put the service start-up to disable and reboot. Usually, the service don't load!

Or just plain delete the service from registry! (I think their a tutorial on AO how to do it)

[cacosapo]

i think thats work as projected. Its supposed to be a non-stopable service; so you cant kill nor stop it.
If you to remove it, disable it and/or uninstall it.
if it was easy to kill A/V process, every malware will do this at first step.
Many services are so critical to system, so when they get cancelled, system reboots.

Do you have a specific process/need or you are just wondering?

[ikalo]

There is a way to kill system proces...

you can do it from cmd promt (run it as admin)
now you have to us at command... that command is used to shedule apps with localsystem priviledges.

I belevie that right syntax would be:

>at hh:mm /interactive taskmgr

where hh:mm is time in next few minutes so you don't have to wait long.
run at command again with no argumets to check if the shedule is ok

when time comes you will see task manager pop up, and this time you will be able to kill almost all proceses that usualy give you access denied.

try it

[lepricaun]

I had great success using pskill from www.sysinternals.com (at least once I forced an unplanned reboot). I've also heard good things about prkill but I have not yet had a chance to evaluate it.

this might help, i'll go and test it right away, thanks!

Put the service start-up to disable and reboot. Usually, the service don't load!

Or just plain delete the service from registry! (I think their a tutorial on AO how to do it)

i already mentioned that that's a possibility, but like i said, i'm wondering if it can be done from within windows.

i know which services are needed to run the system, but like A/V software, this isn't needed, and still you can't kill it.

Do you have a specific process/need or you are just wondering?

several, but not really, i was just wondering, like i said, the A/V is one of them (this is because i work at a repair center, and when i boot up a system from a customer, often so much junk is automatically starting up, that we can't normally test the system.)

There is a way to kill system proces...

you can do it from cmd promt (run it as admin)
now you have to us at command... that command is used to shedule apps with localsystem priviledges.

I belevie that right syntax would be:

>at hh:mm /interactive taskmgr

where hh:mm is time in next few minutes so you don't have to wait long.
run at command again with no argumets to check if the shedule is ok

when time comes you will see task manager pop up, and this time you will be able to kill almost all proceses that usualy give you access denied.

like i said in my second post, even when you run the taskmgr as system, (this is with the method given by you).

b.t.w., did you try killing explorer.exe and restarting it again with that taskmgr? you will be logged in as system then, this means more keys in the registy, access to any file, you name it, it's possible... it's a nice trick