Information and startup locations can be examined on this page: verify all your files to make sure that they are legitimate, digitally signed and from the company Microsoft Corporation to which they should belong.
services.exe security and file info
services.exe
- Système d'exploitation Microsoft(R) Windows (R) 2000
- Microsoft Corporation
 |
|
 |
| Filetype : executable |
An executable file is a program that can be executed in your windows environment.
|
|
What is services.exe?
Services.exe is the Windows Services Control Manager. This process is responsible for starting, stopping, and managing system services. Services.exe will start automatic services on boot and stop all services on shutdown.
This process is a critical system process and is essential to the operation of the system. Due to the critical nature of the process, it is not possible to terminate it via the task manager. Disabling this process otherwise will render your system unbootable. The screenshot below illustrates how this process should appear in the task manager:
As you can see in the above screenshot, services.exe always runs as SYSTEM. A process with this name running as a different user is a strong indicator of a malware infection.
Dangers of services
As this is a critical system process that runs on every Windows NT-based (2000, XP, Vista) machine, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.
Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as services.exe:
- W32.Randex.R (%SystemRoot%\service.exe)
- Randex is a worm that infects systems through network shares.
- W32.HLLW.Kazping (%SystemRoot%)
- This is a virus that spreads through KazAa shares that attempts to perform a distributed denial of service attack on a predefined website.
- W32.XTC.Worm (%SystemRoot%)
- This is an IRC backdoor Trojan which connects to an IRC server to receive commands from a remote attacker.
- Backdoor.win32.Prorat.19g
- W32.Mydoom
There will always be exactly one instance of this process running at any given time. The presence of multiple instances is a strong indicator of a malware infection.
Common problems
- Services.exe causes a Blue Screen of Death
- Viruses and spyware can cause this problem. Ensure that your system is not infected with malware
- If your system is not infected, then something is wrong with the genuine services.exe. You should perform a repair installation of Windows.
- This process uses 100% CPU time
- If you are using Windows 2000, be sure you have Service Pack 4 or later.
- If this happens when your firewall software is prompting to allow services.exe access to the internet, you probably have a malware infection.
- If you have ZoneAlarm or Symantec Norton software, try uninstalling them (after updating and scanning your system for viruses first).
|
|
|
|
|
|
| MD5 File security rating |
A MD5 hash is a unique fingerprint of a file.
Different files/versions can have the same filenames. The MD5 hash verifies that the legitimate file is not altered.
Runscanner (Freeware) can help you checking the file's MD5 hashes
| Services.exe files in Runscanner database |
 |
|
136 different item(s) in database |
|
|
2 different item(s) in database |
 |
|
4 different item(s) in database |
|
|
217 different item(s) in database |
|
|
Green items are verified safe to use |
|
Unrated items are not yet checked for safety. |
 |
Red items are not safe (typically virusses, spyware or other malware) |
|
This file is digitally signed by it's publisher.
This means that the file is from the company claiming to created it, this does not mean by default that the file is safe
|
|
|
|
| General file info |
| Product name: |
Système d'exploitation Microsoft(R) Windows (R) 2000
|
| Description: |
services.exe
|
| Company: |
Microsoft Corporation
|
| Fix SERVICES.EXE errors: Free registry scan |
|
|
|
| Pacman startup database |
Added by a number of VIRUSES, WORMS and TROJANS!
AUTOTROJ-C TROJAN, BOBAX.AA WORM, CIADOOR-F TROJAN, CROWT.A WORM, DLOADER-ET TROJAN,PREXOT.D TROJAN, ZINCITE.A TROJAN and more than 30 known others
CoolWebSearch parasite variant.
FakeMessage/AdRotator adware.
NSKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!
WSLogger keystroke logger/monitoring program - remove unless you installed it yourself!
Note - this is not the legitimate services.exe process which should NOT appear in Msconfig/Startup! |
| info provided by sysinfo.org |
|
|
|
Automatic startup locations
 |
| |
 |
001 Running Processes |
| |
 |
002 Autorun registry entries local machine |
| |
|
003 Autorun registry entries Current User |
| |
 |
004 All users startup startmenu |
| |
|
008 Autorun registry entries Default user |
| |
|
009 Autorun registry entries SYSTEM user |
| |
 |
010 Installed services |
| |
 |
033 Winlogon Userinit |
| |
|
035 Active Setup Installed Components |
| |
|
073 %windir%\Tasks |
| |
 |
146 AlternateShell |
| |
|
166 HKCU Policies\Explorer\Run |
| |
|
167 HKLM Policies\Explorer\Run |
 User comments for this file
More system processes
|
|
| Filename / Process |
|
| Guid / CLSID |
|
| MD5 hash |
|
|
|
359 MD5 version(s) found
only top 10 displayed
|
|
|
| Check your autostart files
|
|
|
|
