UVK Help - Service manager
You can access this module by clicking Service manager, in the Home page.
Content index:
Choosing which services to display in the list
Selecting the services to manage in the list
The service properties dialog box
Stopping several specific services
Deleting a service and file (if desired)
Restoring previously deleted services
Choosing which services to display in the list:
You can choose to hide the system protected files, all Microsoft files, or all signed files from the list by clicking the List settings button.
It will open a dialog box similar to the one in the picture below:
Select the radio button corresponding to the desired option.
If you
select Show all services, then all the services will be shown.
However, you will not be able to delete or rename system protected
files using UVK.
If you select Hide system protected files
(Default), then only the non protected files will be
displayed.
If you select Hide all Microsoft files, then no
Microsoft files will be shown.
If you select Hide all
digitally signed files, then UVK will verify the digital of all
files and display only the unsigned ones.
If you use the second or third option, and you suspect that the system or Microsoft files have been infected or replaced, check the aditional option Verify the file signatures. This will ensure only genuine files are hidden from the list.
Sorting the services list:
The list can be sorted by clicking the column header buttons. The items will be sorted in ascending/descending order.
This feature is not available on Windows Xp, because sorting listview items inside groups is not supported by that Windows version.
Selecting the services to manage in the list
Click the line corresponding to the service you want to manage. Right-click it to open the menu.
Alternately you can just press Ctrl+Enter to open the Service Properties window or use any of the hotkey combinations shown in the context menu.
You can select several lines at once by holding the Ctrl key down while clicking the lines. When several lines are selected, the action you choose will be performed to all the valid selected lines.
The service properties dialog box:
Click Service Properties in the upper pane or in the menu (Ctrl+Enter) to get more information about the selected service. You can also just double-click the line corresponding to the service you want to get info.
A small window will popup like the picture below, with several fields containing the service's name, the registry key where it located, the full path of the file that is ran, the command line used to run it, its description and digital signature.
Press the Google button in the Service name line to perform a google search using the service's name as the keyword.
Press the Go button in the Location line to open the registry editor on the service's registry key, which is also written in the field to the left of the button.
Press the Go button in the Image path line to open the location of the service file using the Windows explorer.
Press the Google button in the File description line to perform a google search using the file description as the keyword.
Press the Start button to start the selected service. The text of this button may also be Stop, if the service is already started. In this case, pressing the button will stop the service, obviously.
If you want to change the serve's start type, select the desired new start type for the service, in the Start type drop down box, and press Apply.
Press the VirusTotal report button to get a VirusTotal report of the selected service's file.
Press the File properties button to view the service's file properties dialog box.
You can get even more information on the files by pressing the buttons on the context menu, which we'll explain later on this page.
Configuring a service:
Press the icons shown in the picture to the left to perform common service related tasks: Stop, start, pause, resume the selected service(s), or set their startup type.
==> Stop the selected service(s). |
==> Start the selected service(s). |
==> Pause the selected service(s).
|
==> Resume the selected service(s). |
==> Set the service start type. For each service you selected,
you'll be prompted to choose the start type, as shown below:
| |
The service's current start type is automatically selected, as shown i the left picture. Select the new start type,as shown in the right picture. Click OK to apply, or Cancel to cancel the operation.
Stopping several specific services:
Press Stop all / Restore, in the upper pane. A dialog box similar to the one in the picture below will be displayed.
This feature will stop all the services you select. Choose the desired filter by pressing the corresponding radio button.
If you select Microsoft digitally signed files, UVK will stop all services whose files are not Microsoft genuine files.
If you select Genuine system protected files, then UVK will stop all services whose files are not genuine system protected files.
And finally, if you select Digitally signed files, the UVK will stop all services whose files are not digitally signed.
Press the Stop services button to begin stopping the selected services.
If you wish to cancel the operation, press Close / Cancel.
Deleting a service and optionally the associated file:
To delete a service or driver without deleting the destination file click Delete service menu or just press Del. You can also click Delete service but make sure that Also delete file is unchecked or the service file will be deleted!
To delete a service or driver and the corresponding file click Delete service menu or press Ctrl+Del. Alternately, you can check Also delete file and click Delete service.
Deleted files are moved to the recycle bin, so if you make a mistake, you can always restore them from there.
Before deleting a file, UVK always checks its signature, and if you're about to delete a file digitally signed by Microsoft, a message box will popup as shown in the image below.
This security feature is intended to prevent deleting system files by mistake, so when you got this message, you should click No, unless you know exactly what you're doing.
This software was created to delete virus, not system files, so, in a case like this one, if you click Yes, you're at your own risk. We won't be responsible for what may happen to your computer.
Restoring previously deleted services:
UVK allows you to restore services you have previously deleted. To do so, press the Stop all / Restore button, in the upper pane, and select the Restore previously deleted services tab.
You can restore several services at once. Just tick the checkboxes next to the ones you want to restore, press Restore selected, and confirm.
If you want to permanently delete some or all of the backed up services, tick the checkboxes next to the ones you want to delete, press Delete selected, and confirm. Note that you will not be able to restore these services anymore.
When you're done, press Close / Cancel to return to the Service manager.
Right click context menu:
To get more information about a service or a driver, right-click the corresponding line.
A menu with several options will be displayed:
The items with the black icons will perform the corresponding action to the selected services: Start, stop, pause, resume or set the start type.
ThreatExpert file name report (Alt+T) or
ThreatExpert MD5 hash report:
ThreatExpert has an
excelent malware info database. If the selected file is present in
this database, you can get information on which files it creates,
which registry entries it changes, etc.
Search file info
with Google (Ctrl+G):
Makes a quick google search using the file name as keyword.
Runscanner file name report (Ctrl+R):
If the file name exists in this database, you'll get a detailed
description of the file and the possible signers and paths.
Open File Location
(Ctrl+L)
This option will open an Explorer window on the path where the
service or driver's file is located and select it.
File Properties
(Ctrl+P)
Clicking this menu item will open the service or driver's file
properties dialog box, allowing you to get more information about
it.
VirusTotal report (Ctrl+M):
Creates an html VT report of the selected service files MD5 hashes.
VirusTotal has the most
complete virus info database.
Update VirusTotal results (Ctrl+U):
Update the results
in the VirusTotal coloumn.
Hide clean VirusTotal results (Ctrl+H):
Delete any
items with clean VirusTotal results from the list.
Refresh the list or exit the section:
To refresh the Services and drivers list, click the
icon
or
Refresh (F5) in the context menu, or just press
F5.
To return to the Home section, click Home
System services:
Be very careful when deleting services, specially system services. Don't delete services whose files are signed by Microsoft, unless its a service belonging to a software already uninstalled and the service has been left behind, or other similar cases.
Often, Trojans and other types of malware infect these services, that's why it's very important to verify their files signatures.
Below is a list of services whose files must be digitally signed by Microsoft. If they're not, your system is probably infected. This list contains only the services that are usually always running.
| AeLookupSvc ALG Appinfo AudioEndpointBuilder AudioSrv BFE BITS Browser CryptSvc CscService DcomLaunch Dhcp Dnscache DPS EapHost |
eventlog EventSystem fdPHost FDResPub FontCache gpsvc HomeGroupListener HomeGroupProvider IKEEXT iphlpsvc KeyIso LanmanServer LanmanWorkstation lmhosts MatSvc |
MMCSS MpsSvc Netman netprofm NlaSvc nsi p2pimsvc p2psvc PcaSvc PlugPlay PNRPsvc PolicyAgent Power ProfSvc RasMan |
RpcEptMapper RpcSs SamSs Schedule SeaPort SENS SharedAccess ShellHWDetection Spooler sppsvc sppuinotify SQLWriter SSDPSRV SstpSvc SysMain |
TapiSrv Themes TrkWks upnphost UxSms WdiServiceHost WinDefend Winmgmt Wlansvc wlidsvc WMPNetworkSvc wscsvc WSearch wuauserv wudfsvc |
