User guide
Table Of Contents
- ESET NOD32 Antivirus 6
- Installation
- Beginner's guide
- Work with ESET NOD32 Antivirus
- Computer
- Web and email
- Updating the program
- Tools
- User interface
- Advanced user
- Glossary
74
5.6.4 Service Script
Service script is a tool that provides help to customers that use ESET SysInspector by easily removing unwanted objects
from the system.
Service script enables the user to export the entire ESET SysInspector log, or its selected parts. After exporting, you can
mark unwanted objects for deletion. You can then run the modified log to delete marked objects.
Service Script is suited for advanced users with previous experience in diagnosing system issues. Unqualified
modifications may lead to operating system damage.
Example
If you suspect that your computer is infected by a virus which is not detected by your antivirus program, follow the
step-by-step instructions below:
1. Run ESET SysInspector to generate a new system snapshot.
2. Select the first item in the section on the left (in the tree structure), press Shift and select the last item to mark all
items.
3. Right click the selected objects and select Export Selected Sections To Service Script.
4. The selected objects will be exported to a new log.
5. This is the most crucial step of the entire procedure: open the new log and change the – attribute to + for all objects
you want to remove. Please make sure you do not mark any important operating system files/objects.
6. Open ESET SysInspector, click File > Run Service Script and enter the path to your script.
7. Click OK to run the script.
5.6.4.1 Generating Service script
To generate a script, right-click any item from the menu tree (in the left pane) in the ESET SysInspector main window.
From the context menu, select either Export All Sections To Service Script or Export Selected Sections To Service
Script.
NOTE: It is not possible to export the service script when two logs are being compared.
5.6.4.2 Structure of the Service script
In the first line of the script’s header, you can find information about the Engine version (ev), GUI version (gv) and the
Log version (lv). You can use this data to track possible changes in the .xml file that generates the script and prevent
any inconsistencies during execution. This part of the script should not be altered.
The remainder of the file is divided into sections in which items can be edited (denote those that will be processed by
the script). You mark items for processing by replacing the “-” character in front of an item with a “+” character. Sections
in the script are separated from each other by an empty line. Each section has a number and title.
01) Running processes
This section contains a list of all processes running in the system. Each process is identified by its UNC path and,
subsequently, its CRC16 hash code in asterisks (*).
Example:
01) Running processes:
- \SystemRoot\System32\smss.exe *4725*
- C:\Windows\system32\svchost.exe *FD08*
+ C:\Windows\system32\module32.exe *CF8A*
[...]
In this example a process, module32.exe, was selected (marked by a “+” character); the process will end upon execution
of the script.
02) Loaded modules
This section lists currently used system modules.