Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange message when trying to open 'wscsvc' and 'shared access' in services


  • Please log in to reply
10 replies to this topic

#1 notinfallible

notinfallible

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Everywhere and Nowhere
  • Local time:06:38 AM

Posted 25 July 2012 - 02:28 AM

I am running XP SP3. Recently, I noticed 2 services that are unfamiliar to me. I know that they are not on my computer if I wipe the hard drive and start from scratch. The services are 'wscsvc' and 'SharedAccess' and when I click on them from within Services in the Control Panel I get this strange message....

"Configuration Mananger: The specified instance does not correspond to a present device."

My gut told me something isn't right. I've never seen this message before when just trying to look at what the service is, so I click OK and it brings me to the regular service settings page. Weird.

Anyway, I stopped these from running and disabled them from starting up automatically with my computer. Now I cannot get into my Firewall settings. When I try it says this....

"Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the SharedAccess service?

These messages just seem strange. If they are legimate services and straight from Microsoft, what's with strange messages that look different than most Microsoft stuff and who can I contact to vent my frustrations with this?

I would rather not have "SharedAccess" with Microsoft and don't think I like the idea of them being able to "monitor the health" of my system.
The most important thing in communication is to hear what isn't being said.

BC AdBot (Login to Remove)

 


#2 notinfallible

notinfallible
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Everywhere and Nowhere
  • Local time:06:38 AM

Posted 25 July 2012 - 03:00 AM

I read this page from bleeping computer.... http://www.bleepingcomputer.com/startups/wscsvc.exe-12888.html

I've also read stuff that contradicts this info also.... So what's the deal?
The most important thing in communication is to hear what isn't being said.

#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:38 PM

Posted 25 July 2012 - 03:25 AM

Hello -
Do you mean "wscsvc", "wscsvc.dll" wscsvc.dll is a Dynamic-link library or "wscsvc.exe". The .EXE is an executable program.
This is where you Must specify exactly what you are describing -

Thank You -

#4 notinfallible

notinfallible
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Everywhere and Nowhere
  • Local time:06:38 AM

Posted 25 July 2012 - 04:53 AM

Hello -
Do you mean "wscsvc", "wscsvc.dll" wscsvc.dll is a Dynamic-link library or "wscsvc.exe". The .EXE is an executable program.
This is where you Must specify exactly what you are describing -

Thank You -


I don't know if its a .exe or .dll, using the information provided in the "Administrator Tools - Services" that is located within the "Control Panel"

The service that is circled.....

Posted Image

Here is a screen capture of what it says when I click on it...

Posted Image

Here is screen capture of the "SharedAccess" service that I'm referring to also...

Posted Image

In my opinion, it just doesn't fit in with the rest of the services that are on the list. All lowercase letters..... the weird message with I try to open it.

I just want to know if this is normal?

Edited by notinfallible, 25 July 2012 - 05:14 AM.

The most important thing in communication is to hear what isn't being said.

#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:38 PM

Posted 25 July 2012 - 05:10 AM

Hi -
"wscsvc.exe". The .EXE is an executable program.
This is the one you need to watch for, and is the one described as, generally, being an infection
As per the BleepingComputer listing wscsvc.exe The listing you show relates to a Microsoft program (Security) -
Since you have disabled it, you will expect to get an error message.

Thank you for being so concerned. It is always better to confirm a suspected item, rather than just let it run.
If you are still concerned after this, please start a new topic in the Malware Removal section, and post the required logs as listed in the introduction

Regards -

#6 notinfallible

notinfallible
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Everywhere and Nowhere
  • Local time:06:38 AM

Posted 25 July 2012 - 05:15 AM

Hi -
"wscsvc.exe". The .EXE is an executable program.
This is the one you need to watch for, and is the one described as, generally, being an infection
As per the BleepingComputer listing wscsvc.exe The listing you show relates to a Microsoft program (Security) -
Since you have disabled it, you will expect to get an error message.

Thank you for being so concerned. It is always better to confirm a suspected item, rather than just let it run.
If you are still concerned after this, please start a new topic in the Malware Removal section, and post the required logs as listed in the introduction

Regards -


What about the message when I try to open it up and see the properties? When disabled, does that mean that my firewall is also disabled?

And the "SharedAccess" service, I read about it and really don't like the whole idea of them monitoring my computer at all times. It says I need this service enabled in order to have the firewall on, if I remember correctly.

I can't stand out overtly intrusive this stuff is getting and was hoping maybe someone here could enlighten me about these things and tell me I'm crazy or something. :wacko:

Posted Image

Edited by notinfallible, 25 July 2012 - 05:23 AM.

The most important thing in communication is to hear what isn't being said.

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:38 AM

Posted 25 July 2012 - 05:22 AM

Create a restore point before trying this

Press Windows+R key and type

regedit and click ok

Go to

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wscsvc\Enum

Right click on Enum key and rename it to Enum_old

Restart the PC and try to start the wscsvc service

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Edited by narenxp, 25 July 2012 - 05:22 AM.


#8 notinfallible

notinfallible
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Everywhere and Nowhere
  • Local time:06:38 AM

Posted 25 July 2012 - 05:24 AM

I apologize for editing my post like 5 times every minute.
The most important thing in communication is to hear what isn't being said.

#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:38 PM

Posted 25 July 2012 - 05:26 AM

Hi -
First a minor item. Please use the Add Reply button or if it is only text, just click in the Fast Reply box. Too many quotes confuse a topic :)

You can always download Farbar Service Scanner and run it on the computer
•Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
•Press "Scan".
•It will create a log (FSS.txt) in the same directory the tool is run.
•Please copy and paste the log to your reply.

Thanks -
EDIT - Edits are nothing :wink: I do it all the time -

Edited by noknojon, 25 July 2012 - 05:29 AM.


#10 notinfallible

notinfallible
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Everywhere and Nowhere
  • Local time:06:38 AM

Posted 25 July 2012 - 05:46 AM

Thank you for helping. Here is the log...

Farbar Service Scanner Version: 22-07-2012
Ran by Owner (administrator) on 25-07-2012 at 05:40:55
Running from "C:\Pimp bleep"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

I don't like how it's called SharedAccess. To me, it doesn't matter if it's just Microsoft that has access, its how they just expect people to be cool with it that bothers me.

I do check the Microsoft page daily for updates, then just disable the services after I check, then go on about my day.

"Running from C:\Pimp bleep" :hysterical:

By the way, SharedAccess and wscsvc were not disabled until I noticed them today, about an hour or two before I posted here.

What did I do when I renamed Enum to Enum_old?? Just curious....

Edited by notinfallible, 25 July 2012 - 06:01 AM.

The most important thing in communication is to hear what isn't being said.

#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:38 PM

Posted 25 July 2012 - 06:48 PM

ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist. <<
Hi -
Sorry I did not get back earlier, but I thought narenxp would reply to you -

You can see from this HKey line that Shared Access eventually leads to your Firewall and that is all.
From this you can enable it again, as it is just a security item, and M/soft writes things in a way that is often worded in a misleading way.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
This shows that "The default start type is Auto" and you can now set it back to Auto again, as I said in Post #5 above, it is only related to security - :)

Thank You -




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users