-
Experienced User
Hello,
I have that silly process (DFServEx.exe) associated with DeepFreeze, are there any workarounds to kill it?
I've been to Google, done some searching, all to no avail.
It also has a child called FrzState.exe
Thanks for any response I may get :)
-
Experienced User
Do you have DeepFreeze installed?
http://www.file.net/process/dfservex.exe.html
http://www.file.net/process/frzstate.exe.html
Important: Some malware camouflage themselves as DfServEx.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the DfServEx.exe process on your pc whether it is pest.
Search, locate and upload to VirusTotal.
-
Experienced User
What stops you from killing it? You can use Task Manager alternatives like Process Explorer.
If you want to delete it, use Unlocker, forcedel or FileASSASSIN.
http://www.raymond.cc/blog/archives/2007/04/01/deleting-impossible-to-delete-files/
http://www.raymond.cc/blog/archives/2006/01/12/file-in-use-unable-to-delete-move-or-rename/
Or you can go into safemode and delete it.
Or you can forcibly kill manually by typing these into cmd
taskkill /f /t /im DFServEx.exe
taskkill /f /t /im FrzState.exe
And see if those processes are run as services. If yes, you can disable those.
Happy To Help
-
Experienced User
Thanks for the replies, trinidude - thanks for the links, I have DeepFreeze installed and I've read that before, anyways thanks :)
Thanks for the useful tips prashanthpai ;) :)
I tried using the cmd commands and it says:
The process with PID 1420 and child of PID 628 could not be terminated.
Reason: Access is denied.
The second command to kill its child outputs a similar error but with a child PID (788).
I've used unlock before but haven't used it for this situation, FA looks good - but as usual such apps require a restart so the files could be deleted before it gets to work :P
I'll try both and report back :)
-
Experienced User
Deleting from safemode is hassle-free :)
I guess you are administrator. But even admin can't end a process started by the user called "SYSTEM" or "NT AUTHORITY". That's why we get "access denied". There's a workaround for this.
Schedule cmd using at command.
Example : If current time in your system tray clock is 18:40, then type this command
at 18:42 /interactive "cmd.exe" (Remember - time has to be in 24 hr format)
Exactly after 2 mins, you'll get a cmd prompt running as "SYSTEM". Now you can kill any process and you can use the above two taskkill commands. This is because any process running as SYSTEM is the almighty, it can do anything. You can use this to fight off stubborn virus processes that cannot be killed using taskmgr or using the /f switch.
P.S: And anything which is run from that SYSTEM cmd prompt also runs as SYSTEM.
-
Experienced User
I'll try this shortly, that's awesome man ;)
-[n3rve]
-
@ prashanthpai: Thanks for reminding me about this, I've read about it some time ago but because I have never used it, I have forgotten about it again. Wish we had access to some sort of quick reference for neat tricks like this.
I refuse to tip toe through life only to arrive safely at death
-
Experienced User
I couldn't get cmd to fire up after using the schedule script as suggested above.
I fired it up manually, typed in "Time", and the time was 1:46:31.11.
I used at 1:48:50 /interactive “cmd.exe” and it didn't show up.
I checked at /? and the command seems to be correct, I'm lost
-[n3rve]
-
To make it work make sure your "Task Scheduler" service is running.
-
Experienced User
And how do I ensure that is running?
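
An added example, not part of any post in this thread: a small triage pass over process records that flags a DfServEx.exe or FrzState.exe image running from the folders named in the quoted file.net warning, and any `at ... /interactive` scheduling like the command shown above. The record field names and the sample records (including the install folder) are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

# Process names from the thread; per the quoted file.net note, a copy that
# runs from either of these folders deserves a closer look.
WATCHED = {"dfservex.exe", "frzstate.exe"}
SUSPECT_DIRS = {r"c:\windows", r"c:\windows\system32"}

def at_interactive_target(cmdline):
    """Return the program scheduled by 'at <time> /interactive ...', else None."""
    # Normalise the curly quotes that forum software tends to substitute.
    tokens = cmdline.replace("\u201c", '"').replace("\u201d", '"').split()
    if not tokens:
        return None
    if ntpath.basename(tokens[0].strip('"')).lower() not in ("at", "at.exe"):
        return None
    lowered = [t.lower() for t in tokens]
    if "/interactive" not in lowered:
        return None
    rest = tokens[lowered.index("/interactive") + 1:]
    return " ".join(rest).strip('"') or None

def triage(events):
    """Return a list of (rule, pid, detail) for every record worth reviewing."""
    findings = []
    for ev in events:
        image = ntpath.normpath(ev["image"]).lower()
        if ntpath.basename(image) in WATCHED and ntpath.dirname(image) in SUSPECT_DIRS:
            findings.append(("suspect-location", ev["pid"], ev["image"]))
        target = at_interactive_target(ev["cmdline"])
        if target:
            findings.append(("at-interactive", ev["pid"], target))
    return findings

# Constructed sample records (not real logs); the install folder is a placeholder.
SAMPLE = [
    {"pid": 1420, "image": r"C:\Program Files\Example\DFServEx.exe", "cmdline": "DFServEx.exe"},
    {"pid": 788, "image": r"C:\Program Files\Example\FrzState.exe", "cmdline": "FrzState.exe"},
    {"pid": 4012, "image": r"C:\WINDOWS\system32\DfServEx.exe", "cmdline": "DfServEx.exe"},
    {"pid": 2280, "image": r"C:\Windows\System32\at.exe", "cmdline": 'at 18:42 /interactive "cmd.exe"'},
    {"pid": 2300, "image": r"C:\Windows\System32\at.exe", "cmdline": "at 02:00 /every:M cmd /c backup.bat"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A flagged image is a candidate for a hash lookup on VirusTotal, as suggested earlier in the thread, not proof of malware.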