[Sabrehawk]

What is it ?
Uaservice7.exe is a service that will enable non-adminstrative users
to play securom7 protected games. This can be a potential risk
to your data since it does things with your OS that are not
allowed to be done due to policy of XP. Possible exploits of
the service are imagineable.

I have not found a tool that will safely and ultimately remove
securom7´s malware driver uaservice7.exe properly from a infected system.

My findings so far

Service is installed by game installation without consent of
the user. During this installation it also seemed to tamper with
the tray icon of DT 4.0 and closed it without my consent !
No biggy i just relaunched the DT shortcut and it was back,
but interesting nevertheless. I admit though that i have not
tried to reproduce this event.

Service cannot be uninstalled by control panel.

Service will not opt for any uninstallation and securom (which is a SONY company...
does this ring a bell) does not provide any util for a clean 100% removal of their malware.

Service must be stopped by hand , deactivated and
then uaservice7.exe must be deleted from windows/system32 by hand.

This does not conclude the removal process...

uaservice7 installs legacy components in your registry which change the privelege on
their keys to deny access to administrator. Since this is a halfassed solution you can
search for any securom key in your registry and change its properties to allow full
access to anyone and then delete them. You will only be able to change props if you
are logged on as admin. You will not be able to delete the keys even as admin if
you dont change the props prior to deleting the key.

What i have not found out is how to clear securom7 from
the list of services

sc delete servicename does not work because the service
is already stopped by me and uaservice7 is deleted from
system. I have no remnants in the registry left that would
point my into the direction of how to clear the service
from the list of services in xp.

sc query shows no process running that would identify
as remnant of securom7.

Allthough it looks clean theres still that entry in the services
list and i want to remove that for having a clean list of
services.

We should really join for a class action lawsuit against Securom aka Sony under Texas,
California and New York law. It pays 100.000$ per infringement .
I have nothing against SONY as a company but this just
tops it. Even Starforce offers a removal utility.

[evlncrn8]

Quote:

Originally Posted by Sabrehawk

What is it ?
I have not found a tool that will safely and ultimately remove
securom7ґs malware driver uaservice7.exe properly from a infected system.

since when was an exe a driver?, and the uaservice7 has not been declared as malware or anything else

Quote:

During this installation it also seemed to tamper with
the tray icon of DT 4.0 and closed it without my consent !
No biggy i just relaunched the DT shortcut and it was back,
but interesting nevertheless. I admit though that i have not
tried to reproduce this event.

if you cant reproduce the event then how can you claim the installation did it...

Quote:

uaservice7 installs legacy components in your registry which change the privelege on
their keys to deny access to administrator.

it does?

Quote:

What i have not found out is how to clear securom7 from
the list of services

then the title of this thread is misleading..

Quote:

Allthough it looks clean theres still that entry in the services
list and i want to remove that for having a clean list of
services.

tried

net stop service_name

Quote:

We should really join for a class action lawsuit against Securom aka Sony under Texas,
California and New York law. It pays 100.000$ per infringement .
I have nothing against SONY as a company but this just
tops it. Even Starforce offers a removal utility.

sigh, you have nothing against them and then you come off with the 'lets sue them and make money', you really need to get your head straight.. and your facts too

[Sabrehawk]

clarify : .exe is not a driver = correct

its a service .... i shouldve been more precise.
Probably only a few people would make a biggy
about that..you are one of them.

2nd :

I did not claim that i merely have posted what i have
OBSERVED during the install. I have not repeated the
install to prove it happens again i also said that but
people like you always like to be smart and boss around
others huh ?

3rd.

Yes it does why u ask stupid questions if you dont even
know what im talking about. If you really had interest
in what is written here and not only wanted to show off
what a smart person you are bossing people around that
are trying to give useful information you wouldve found
them keys yourself and seen that you cannot delete them
unless you access their properties and change their
priveleges to Full Access.

4th.

The title is sort of misleading then true but only for
smartasses that put every word on the scale.
Since no active component remains after the cleaning
described it is removed. That was remains is a simply a
text string in your service list. I have asked on how to
clear that out. Maybe you could use your godly skills
to give a solution instead of smartassing around.


5th

Nice try bud ..how bout getting your facts together.

Net stop service name

net stop is a command to stop NETWORKING services
nevertheless SC delete servicename should remove
any service network or not from the list of services
after it has been stopped and deactivated.

net stop will never remove a service entry from the list of
services in services.msc

6th

You have a impression why i put a in that section
of my post ? Its rather a sarcastic joke. But i have to
explain that to people like you i must have known that.

Last

Why dont you post on USENET where wordcounters and
linebreak sheriffs that dont care for the intent of a post
are the dominating species ?

[evlncrn8]

i do care for the intent of a post, when its well written and contains information, yours doesnt...

C:\WINDOWS>net stop useraccess7
The SecuROM User Access Service (V7) service is stopping.
The SecuROM User Access Service (V7) service was stopped successfully.

C:\WINDOWS>sc delete useraccess7
[SC] DeleteService SUCCESS

worked for me, did you actually try it?

sc stop useraccess7 should also do the trick, then removal should be as simple as mebe deleting the exe, and im sure someone could do a tool to do this.

as for the other points, the registry 'legacy' components, are you sure they are there, sure the securom license keys cant be deleted but thats nothing to do with priviledges..

also you claim the service is malware, where has it ever been claimed that, and if it were the case wouldnt there be some classification of it as being so somewhere online?

no idea what your usenet jibe was about either