services.exe (5.1.2600.0)

Contained in software
Name:	Windows XP Home Edition, Deutsch
License:	commercial
Information link:	http://www.microsoft.com/windowsxp/
File details
Filepath:	C:\WINDOWS\system32 \ services.exe
Filedate:	2002-08-29 14:00:00
Version:	5.1.2600.0
Filesize:	101.888 bytes
Checksum and file hashes
CRC32:	59F4EF56
MD5:	A87C 3A6B 407F B3B2 2C56 6315 607C E229
SHA1:	9ECF 5BAC 16A2 F63E 0141 7565 E5CC D065 2845 4A2F
Version resource information
CompanyName:	Microsoft Corporation
FileDescription:	Anwendung für Dienste und Controller
FileOS:	Windows NT, Windows 2000, Windows XP, Windows 2003
FileType:	Application
FileVersion:	5.1.2600.0
InternalName:	services.exe
LegalCopyright:	© Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename:	services.exe
ProductName:	Betriebssystem Microsoft® Windows®
ProductVersion:	5.1.2600.0

services.exe was found in the following malware reports:


Adware.Replace
Technical details ...1.01.00.dll Services.exe When Adware.Replace is executed,... ...Creates the following files: %System%ServicesServices.exe 1.01.00.dll... ..."xpsystem"="%system%ServicesServices.exe" in the registry key:... ...in the [windows] section: run=%system%ServicesServices.exe load=%system%ServicesServices.exe... ...[windows] run=%system%ServicesServices.exe load=%system%ServicesServices.exe... Removal instructions ..."xpsystem"="%system%ServicesServices.exe" Exit the Registry Editor.... ...look for a line similar to: run=%system%ServicesServices.exe load=%system%ServicesServices.exe... ...[windows] run=%system%ServicesServices.exe load=%system%ServicesServices.exe... Source: http://securityresponse.symantec.com/avcenter/venc/data/adware.replace.html
Adware.Clickbank
Technical details ...File names: Services.exe When Adware.Clickbank is run,... ...Copies itself as %Windir%system32inetsrvServices.exe. Note: %Windir% is a variable.... ..."SuperBar.Component" = %windir%system32inetsrvservices.exe "AdRotator.Application"... ..."{357AA41A-B7A8-4632-A27D-5B980B25CF43}" = %windir%system32inetsrvservices.exe to the registry key:... Removal instructions ..."SuperBar.Component" = %windir%system32inetsrvservices.exe "AdRotator.Application"... Source: http://securityresponse.symantec.com/avcenter/venc/data/adware.clickbank.html
W32.HLLW.Kazping
Technical details ...Copies itself as %Windir%Services.exe NOTE: %Windir% is a variable.... ...Adds the value: "Services.EXE"="%windir%services.exe"... ...HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion RunServices Copies itself to the following... Recommendations ...Turn off and remove unneeded services. By default, many operating... ...telnet, and a Web server. These services are avenues of attack. If they are removed, blended... ...If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.... ...Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.... Removal instructions ...the worm runs as>" "Services.EXE"="%windir%services.exe"... ...HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion RunServices In the right pane, delete... ...the value: "Services.EXE"="%windir%services.exe"... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.kazping.html
W32.Neveg.B@mm
Technical details ...Copies itself as %Windir%systemservices.exe. Note: %Windir% is a variable... ...".Prog" = "%Windir%systemservices.exe" "BuildLab" = "%Windir%systemservices.exe"... ..."ccApps" = "%Windir%systemservices.exe" "FriendlyTypeName"... ..."Microsoft Visual SourceSafe" = "%Windir%systemservices.exe" "RegDone" = "%Windir%systemservices.exe"... ..."TEXTCONV" = "%Windir%systemservices.exe" "WMAudio" = "%Windir%systemservices.exe"... Recommendations ...Turn off and remove unneeded services. By default, many operating... ...telnet, and a Web server. These services are avenues of attack. If they are removed, blended... ...If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.... ...Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.... Removal instructions ...".Prog" = "%Windir%systemservices.exe" "BuildLab" = "%Windir%systemservices.exe"... ..."ccApps" = "%Windir%systemservices.exe" "FriendlyTypeName"... ..."Microsoft Visual SourceSafe" = "%Windir%systemservices.exe" "RegDone" = "%Windir%systemservices.exe"... ..."TEXTCONV" = "%Windir%systemservices.exe" "WMAudio" = "%Windir%systemservices.exe"... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.b@mm.html
W32.Neveg.C@mm
Technical details ...Copies itself as %WinDir%systemservices.exe. Note: %Windir% is a variable... ...".Prog"="%Windir%systemservices.exe" "BuildLab"= "%Windir%systemservices.exe"... ..."ccApps"="%Windir%systemservices.exe" "FriendlyTypeName"="%Windir%systemservices.exe"... ..."Microsoft Visual SourceSafe"="%Windir%systemservices.exe" "RegDone"="%Windir%systemservices.exe"... ..."TEXTCONV"="%Windir%systemservices.exe" "WMAudio"="%Windir%systemservices.exe"... Recommendations ...Turn off and remove unneeded services. By default, many operating... ...telnet, and a Web server. These services are avenues of attack. If they are removed, blended... ...If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.... ...Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.... Removal instructions ...".Prog"="%Windir%systemservices.exe" "BuildLab"= "%Windir%systemservices.exe"... ..."ccApps"="%Windir%systemservices.exe" "FriendlyTypeName"="%Windir%systemservices.exe"... ..."Microsoft Visual SourceSafe"="%Windir%systemservices.exe" "RegDone"="%Windir%systemservices.exe"... ..."TEXTCONV"="%Windir%systemservices.exe" "WMAudio"="%Windir%systemservices.exe"... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.c@mm.html
W32.XTC.Worm
Threat assessment ...Name of attachment: Services.exe Size of attachment:... Recommendations ...Turn off and remove unneeded services. By default, many operating... ...telnet, and a Web server. These services are avenues of attack. If they are removed, blended... ...If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.... ...Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.... Removal instructions ... The Services.exe worm program runs as a service.... ...before you can delete it. To remove Services.exe from memory In the registry, search for... ...In the Windows (Windows 9x) or WINNT (Windows NT2000) directory, delete Services.exe. Note:... ...Be careful not to remove the file c:winntsystem32services.exe (a Windows NT system file.)... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.xtc.worm.html
W32.Servese
Technical details ...makes a copy of itself as: WindowsServices.exe It then adds the value... ...HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServicesOnce It then exits.... Removal instructions ...If the detected file is about 23 KB in size and the name is Services.exe, just you can delete this file.... ...... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.servese.html

Navigation

Browse files

• by name

services.exe (5.1.2600.0)

Contained in software

File details

Checksum and file hashes

Version resource information

services.exe was found in the following malware reports:

Adware.Replace

Adware.Clickbank

W32.HLLW.Kazping

W32.Neveg.B@mm

W32.Neveg.C@mm

W32.XTC.Worm

W32.Servese

Navigation