Is Vipre removing Microsoft's own services.exe from system32 folder?
A client of mine has a WinXP home laptop that would boot to a black screen with mouse pointer only (even in safe mode). As far as I can tell the culprit was Vipre quarantining Microsoft's own services.exe found in the System32 folder. I restored the file from the dllcache folder, and was then able to boot the computer normally, but soon afterwards I got the notice that Windows was shutting down automatically. Starting the computer resulted in the black screen, with only a mouse pointer, again. More troubleshooting revealed that c:\windows\system32\services.exe was again missing, and that Vipre had again quarantined it. I restored the file from dllcache again, started in Safe Mode, and removed Vipre, rebooted into normal mode, and then reinstalled and updated Vipre.
Later Vipre asked me if I wanted to Allow or Block Microsoft's services.exe. I told it to allow it! My client probably chose to block it. Is this a false positive? If so, it's a very dangerous one! This afternoon another client called me describing the same symptoms (boots to black screen with only a mouse pointer). On Monday I'll see if his problems were caused by his copy of Vipre doing the same stunt. I hope this does not become an epidemic, because a lot of my clients have installed and purchased Vipre upon my recommendation.
-
No, this is not a false positive, we don't remove services.exe -- that would be a bad thing. However, check the Active Protection settings -- are they set to High? If so, they should be set to Low. These monitors should only be used carefully, and are only for the very educated user.
-
Thank you for the prompt reply. I've never adjusted those settings in the past, and I see that my copies of Vipre are on Medium, even though the recommended setting is Low. Is there a reason the default setting during installation is higher than the recommended setting? Is that maybe a side-effect of the recent version upgrade? -
Also, perhaps my definition of false positive is not correct, but isn't that when a security program flags an innocent or important file as a possible danger to the system, and removes the "threat", or asks if that file should be allowed to run or be blocked? Seems to me that is exactly what's happening in this situation. -
This comment was removed on 04/19/09.
see the change log -
HansR,
If it continues to block the file you will need to go into the user data files for Vipre. In XP they are in C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware.
In Vista it's C:\ProgramData\Sunbelt\AntiMalware. Delete the .xml files in this folder; it will reset the AP settings that are causing it to block the files automatically.
We are already working to prevent this from occurring by updating the definitions.
If you have any questions please let us know.
Thanks,
Peter -
Thank you Peter. That should at least save me from having to remove Vipre in Safe Mode just to regain control of Windows. I'll try that on my second client's computer, tomorrow, assuming his problems are also caused by an overly aggressive Vipre. I wish you luck in fixing this problem. I hope it does not affect too many of my clients, or I could be very busy doing damage-control. -
ManniS
One of my many clients has this issue right now: Vipre seems to insist on removing the services.exe file, and then on reboot the screen does show only in black with no mouse pointer at all. I can get into safe mode, I also installed a secondary version of XP in hopes of moving forward with that.
Now I am trying to get Vipre out of the system, so it will not remove services.exe anymore. Any other advice? -
Hello Manfred,
Here is how to resolve the missing services.exe file on your computer. First, in safe mode, go to C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware and delete any .xml files in that folder. This will prevent Vipre from trying to block the new services.exe we put in.
Then follow the steps below:
1. Insert the original Windows XP CD (Windows XP with Service Pack 2 is preferred, but not required) and reboot the computer. You may need to configure your computer to boot from the CD-ROM drive.
2. When the Windows XP Setup has started, press "R" to "repair the Windows XP installation using Recovery Console".
3. Select the Windows installation to repair (generally this is C:\Windows) by typing its number and then pressing ENTER.
4. Type the Administrator password and press ENTER.
5. Type the following commands:
D: [ENTER]
CD I386 [ENTER]
EXPAND services.ex_ C:\WINDOWS\SYSTEM32 [ENTER]
NOTE: If your CD-ROM drive has a different letter assigned to it, enter "X:" instead, where X is the appropriate drive letter.
After entering "EXPAND services.ex_ C:\WINDOWS\SYSTEM32" you should see the text "1 file(s) copied", in which case all went well.
Remove the Windows XP CD, type "EXIT" and press ENTER to restart your computer.
If you continue to have problems, or have any questions please let us know. -
Thanks Peter, I will keep these instructions handy. Unfortunately it will be too late for this client's computer, as I had to install a second version of XP on the computer and run in dual-boot, so that they can at least work. I went into the registry and removed all instances of Vipre, in Safe Mode, as the uninstall does not work in Safe Mode. I was still unable to boot into normal mode even with a new services.exe copied over. Still black screen, no mouse pointer though, but you can tell that the rest of the OS is loading in the background, just not visible.
I thought a trojan had taken hold of this PC as well as Vipre deleting the services.exe. Not sure -
I have already reinstalled everything on my PC that is affected, but will keep this in mind. I recall a setting defaulted to "medium" when I reinstalled VIPRE. If the recommended setting is LOW, I'll check when I get home to see if it's still at MEDIUM and adjust.
I’m concerned
-
I had this exact same problem last night - Vipre most definitely removed services.exe from the c:/windows/system32 folder, which basically turns a PC into a brick.
I had just installed the latest update of Sun Java (JRE V13), and it always annoys me by installing a "new version checker". So, when Vipre asked me if I wanted to block this program from running, I clicked on Yes. Vipre then deleted services.exe, which is, very obviously, a (expletive deleted) big problem to the continued operation of that PC.
Vipre MUST fix this problem - it cannot just remove a file that stops a PC from working.
This is Vipre's second strike with me - after the 100% CPU usage problem last year, and now making PCs unbootable, I'm really worried about what the next strike might be, but another such problem will definitely be the last.
Peter
I’m angry and frustrated
-
Peter,
I'm very sorry for the trouble this has caused. The services.exe file is actually on our white list. We agree that services.exe should definitely not be removed from the system. The reason this prompt was coming up at all was because it was writing to a protected area modifying the startup. I believe the message that was coming up said something along the lines of a known good program is attempting to modify startup. We've corrected this issue and it should not happen again. -
I had this same problem on 3 of my users' PCs. All 3 of them claimed that it happened during a Java update, when they chose "block" during the warning popup.
-
By the way, Peterh ... thanks for posting this. This was, by far, the quickest and easiest way to solve this problem. I really didn't want to have to reinstall, just to recover one blocked file. -
I too have had 3 different XP systems bricked by Vipre blocking services.exe - The 1st time it asked me to block services.exe after the system had done a Microsoft auto update over the weekend - I said yes to block Services.exe and my system went into NT shutdown & upon reboot it's all black screen/cursor & not even safe mode will work - I repaired XP and did the XP updates and thought it was when I installed XP Service Pack 3 that Vipre finds Services.exe and shuts down but this time I didn't even download Service Pack 3 & it did it again - As NT shutdown started I went to run and typed shutdown -a to abort the shutdown - it stopped it but system was unstable & crashed then rebooted into black screen etc. - 3rd time I repaired XP & updated to Service Pack 2 with no Vipre and manual updates - & the system was good - upon loading Vipre it grabbed Services.exe and crashed again - this all started Monday night (2 nights ago) I was hoping I would find a post like this. This is very troublesome because I have Vipre on many, many machines and recommend it to everybody I know - I noticed earlier today that on my system Vipre is set to Medium not Low as recommended this is how it installs. I have only seen this happen on my XP machines - the Vista seem to be okay.
-
Scott,
It sounds like services.exe was added to the Always Blocked list in VIPRE after you had chosen to block it. Because of this, VIPRE was removing services.exe from the system every time you started it. It's necessary in this case to remove the .xml files from C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware to clear the always blocked list. Normally you would be able to open VIPRE and remove the file from the always blocked list or restore the file from quarantine. Because VIPRE is not able to run without the services.exe file this was not possible.
As long as your definitions are up to date you shouldn't see any further trouble with this issue. Please let us know if you have any further questions or concerns. -
Wow. I had this problem with many of my clients' PCs and thought it was some new unknown virus.
Sunbelt better improve its quality control and ensure their software does not cause any more problems like this.
Otherwise, I will stop recommending it. I stopped using Norton because their quality control became lax.
I’m DanC
-
When my computer booted this morning I decided to block services as I thought it was just another silly windows update I had not asked for. It took me half a day to fix the problem until I ran into this post... :) That's a lot of valuable time... Our commercial manager actually had the same problem in February (2009). The VIPRE support team back then told him to reinstall windows. I'm grateful we're no longer at that stage!
Thanks for this post! It was really helpful!
Please fix it soon. I don't feel like spending any more hours restoring dlls!
Greetings from Belgium
I’m frustrated
-
I shouted glory too quickly :)
It still cost me two hours to get it fixed. The solution proposed above by Peter (in reply to Manfred) did not work for me cause you can simply no longer get in safe mode! The boot from the W$ cdrom furthermore resulted in 'access denied' messages...
Finally I got it fixed by rebooting using Knoppix (*unix lover), activating writing permissions on the ntfs drive, copying all the 'services files' from another Windows XP Prof computer (system32 folder, they were two files: .exe and .msc) into the right folder and deleting the xml files as specified above by Peter.
Just for the records' sake: I first tried to do this using files from Windows Vista. That, obviously, did not work...
Greetings again.
PS: Peter, fix the issue please, in no matter what security level and no matter what user involvement level, a user should not be able to delete vital unaffected system files.
Thanks!
I’m confident
-
I have Windows XP. I removed c:\windows\system32\services.exe in an attempt to get rid of the virus of a similar name. Now, I can only start up to a black screen and a mouse. Even if I use safe mode, I cannot do anything on the computer. I can't get to my files to replace anything. Is there something that I'm not trying to access this? Please help me!
>_< -
Hi HansR
I apologize for the inconveniences. Sunbelt is no longer monitoring these forums. Please post to our new support forums and we can have a technician walk you through some troubleshooting steps to correct the issues you're experiencing.
Sunbelt Support Forums: http://supportforums.sunbeltsoftware....
Thanks,
Peter -
Lauren ... you need to replace your services.exe file by booting into recovery console from the XP CD, per Peterh's instructions above.
Just another side note ... I found that the easiest way around this problem was to just remove the hard drive from the bad machine and slave it to my own machine, copy my services.exe over the other hard drive, and remove the xml files. -
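An added example, not part of any post in this thread: a read-only Python check for the offline approach described above (booting Knoppix or slaving the drive to another machine). It reports whether services.exe is back in system32, whether it matches the dllcache copy, and which .xml files are still in the VIPRE data folder. It assumes the XP volume is mounted at a path you pass in and that dllcache sits at its standard XP location, system32\dllcache; the function names are this example's own.

```python
import hashlib
import sys
from pathlib import Path

# Paths relative to the root of the offline XP volume, as given in the thread.
SERVICES = "WINDOWS/system32/services.exe"
DLLCACHE = "WINDOWS/system32/dllcache/services.exe"  # assumed standard XP location
VIPRE_DATA = "Documents and Settings/All Users/Application Data/Sunbelt/AntiMalware"


def resolve(root, relative):
    """Walk `relative` under `root` ignoring case; NTFS mounted on Linux is case-sensitive."""
    current = Path(root)
    for part in relative.split("/"):
        if not current.is_dir():
            return None
        match = [c for c in current.iterdir() if c.name.lower() == part.lower()]
        if not match:
            return None
        current = match[0]
    return current


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_volume(root):
    """Return a report for the offline Windows XP volume mounted at `root` (nothing is modified)."""
    live = resolve(root, SERVICES)
    cached = resolve(root, DLLCACHE)
    data = resolve(root, VIPRE_DATA)
    report = {
        "services_present": live is not None and live.is_file(),
        "dllcache_present": cached is not None and cached.is_file(),
        "matches_dllcache": None,   # stays None when either copy is missing
        "vipre_xml": [],            # .xml files the thread says to delete
    }
    if report["services_present"] and report["dllcache_present"]:
        report["matches_dllcache"] = sha256(live) == sha256(cached)
    if data is not None and data.is_dir():
        report["vipre_xml"] = sorted(p.name for p in data.iterdir()
                                     if p.suffix.lower() == ".xml")
    return report


if __name__ == "__main__":
    print(check_volume(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A mismatch with the dllcache copy only means the two files differ, for example because the replacement came from a machine at a different service pack level.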
What is the administrative password?
Is it what I use to log into my account? -
Not necessarily. It's whatever you set your administrator password to when you installed your operating system. It may very well be blank.
-
I just rewrote my harddrive.
I have a backup drive and disks, but the files say that I don't have a program to open them.
-
I've had the same problem. I spent a tremendous amount of time restoring my programs and software after Vipre removed services.exe. Just trying to get past the black screen was a real pain. I couldn't get my computer to reboot no matter what I tried.
Much to my sorrow and headache, I thought I could reinstall Vipre after I got everything fixed. I was so mad when Vipre removed my services.exe a second time!!!!! How I wish I had seen this blog beforehand and I never would have reinstalled Vipre. I took it off of my other computer. I wouldn't recommend this software to anyone!
I’m frustrated