Jump to content


Photo

How to recreate deleted 023


  • Please log in to reply
11 replies to this topic

#1 Mikelia

Mikelia

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 05 July 2009 - 02:20 PM

Dear Administrator

I have accidentally used sc delete IdriverT command and deleted the following:

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


I thought that I could create it by using sc create command, but there is a lot of strings that need to be entered and I am sure that there must be a better way.

Can any one here is willing to help? Thanks in advance

Mikelia

#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,252 posts

Posted 05 July 2009 - 04:31 PM

This is a file used to install certain software packages... Removing the Service is not likely to be a problem and it will reinstall if you attempt to install any of the software that originally used it...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,813 posts

Posted 05 July 2009 - 05:02 PM

Alternatively, reinstall it from here:

http://knowledge.acr...v...2&sliceId=1

Scroll down to "If the file version number starts with 10.5:"


I have accidentally used sc delete IdriverT command and deleted the following:

Though I wonder how you "accidentally" used that command...

Edited by screen317, 05 July 2009 - 05:02 PM.

Please consider donating to help support the continued prompt and excellent services of this site.


#4 Mikelia

Mikelia

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 05 July 2009 - 09:47 PM

Though I wonder how you "accidentally" used that command...


Interesting question!

I was doing hijackthis analyzer and one of the analyzers indicated that it may be bad, so I deleted it. I did more search and found that it is to do with "Installshield".

Actually I was thinking more along the line of using DOS command to recreate what I deleted:


Using Microsoft's SC.EXE utility to create/delete Services:
Microsoft offers an additional utility which allows a user to remotely create, start, stop, and delete Services from the command line. It is called the SC tool (Sc.exe), and it is included in the Resource Kit for Windows 2000 or above. Also note that [MachineName] is an optional parameter, and when it is not specified the current machine is used.

How to Create a Windows Service Using Sc.exe
http://support.micro...om/?kbid=251192


For Example: (NT/2000/XP/2003 only):

sc [MachineName] create DWRCS DisplayName=DameWare Mini Remote Control Type=own Type=interact binPath="DWRCS.exe -service"


For Vista (because Services in Vista no longer interact with the Desktop):

sc [MachineName] create DWRCS DisplayName=DameWare Mini Remote Control Type=own binPath="DWRCS.exe -service"

-or-

sc [MachineName] delete DWMRCS



Any suggestions?

There are also two MS sites for help, but I could not understand them:

http://support.microsoft.com/kb/251192
http://support.microsoft.com/kb/137890

I guess yours is easier, just download, but I have difficulty to understand your reference:

Check if there is a file with a .msi extension in the same directory as the installation file.



Best Regards,

Mikelia

#5 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,252 posts

Posted 06 July 2009 - 12:31 AM

HijackThis analyzers are dangerous for the same reason you had a problem... We do not recommend them... If HJT could be effectively used with an analyzer, it would be made into an automated tool like other anti-malware tools... That is not its purpose and it is not a good idea to use it that way...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#6 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,813 posts

Posted 06 July 2009 - 05:51 PM

I guess yours is easier, just download, but I have difficulty to understand your reference:

Just do this part:

1. Delete this folder: C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\50
2. Download this file and save it to your Desktop.
3. When it finishes, double-click it. This installs the InstallShield engine.


After that, restart your computer and let me know if everything is okay now...

Edited by screen317, 06 July 2009 - 05:52 PM.

Please consider donating to help support the continued prompt and excellent services of this site.


#7 Mikelia

Mikelia

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 06 July 2009 - 06:33 PM

I only found the following folder

C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01

I don't have the .....\10\50 folder, can I proceed?

Thanks

#8 Mikelia

Mikelia

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 06 July 2009 - 06:46 PM

It seems that my installshield is a hybrid. I have the following folders:

C:\Program Files\Common Files\InstallShield\Driver\9
C:\Program Files\Common Files\InstallShield\Driver\1050
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01

May I just deleted the following folders:

C:\Program Files\Common Files\InstallShield\Driver\9
C:\Program Files\Common Files\InstallShield\Driver\1050
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01

and download version 11

Download ISScript11.zip and
Download InstallShieldEngineUpdate1100.exe.

#9 screen317

screen317

    SWI Sentinel

  • Global Moderator
  • PipPipPipPipPip
  • 8,813 posts

Posted 07 July 2009 - 12:56 AM

You can try it.

No guarantees that it will work (I haven't done that before)


Make a backup of those folders before you delete them.

Please consider donating to help support the continued prompt and excellent services of this site.


#10 Mikelia

Mikelia

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 09 July 2009 - 12:32 PM

Dear Scren317

Followed your instructions, I deleted the folders and downloaded version 9, 10 and 11 drivers. Now the 023 IDriverT came back. You can close this thread or I am going to get a notice from the Adm to ask me how many computers that I have and are these the same computers? if there are the same the topics will be merged, etc., etc.,.......

Thanks for you help,

Mikelia

#11 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,252 posts

Posted 09 July 2009 - 12:40 PM

The Admin you refer to is reading this topic and even responded to you... This is a different issue than the ones you have referred to in the other forums, so it does not need to be closed... Also, we generally don't close topics in the Software forum unless there is a specific problem...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#12 Mikelia

Mikelia

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 09 July 2009 - 09:29 PM

Hi Budfred

I'm impressed with your efficiency. I wish our government could be as quick and responsive as you are :)

Peace!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button