Service.exe Process
Application security, Database, DataCenter, Development, Encryption, Exchange, Incident response, Instant Messaging, Secure Coding, Security, Vulnerability Assessment & Audit
I have a w2k pro computer that is experiencing an incredible slowness, when I check the runing processes, I find service.exe is eating up over 90% of the cpu, starving out any other application/process. Has anybody come accross this problem and knows how to fix it? any suggestion would be appreciated. thanks.
Software/Hardware used:
Software/Hardware used:
ASKED:
April 18, 2005 1:02 PM
UPDATED:
June 8, 2005 1:57 AM
Answer Wiki:
sounds like a virus...See NOTE...
Process File: services or services.exe
Process Name: Windows Service Controller
Description:
services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping services. This process also deals with the automatic starting of services during the comptuers boot-up and the stopping of servicse during shut-down. This program is important for the stable and secure running of your computer and should not be terminated.
Note: services.exe is also a process which is registered as the W32.Randex.R Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
To see all answers submitted to the Answer Wiki: View Answer History.
‘Randex’ or ‘Sasser’, when you have progressive memory leaks in Lsass and the ‘Services’ process next to it, you get to the point where ‘Services’ trying to start will consume all resources. If a restart pushes the sizes back down and things return to normal then it is likely to be a ‘Sasser’ variant, If not then ‘Randex’. As there are several thousand clones out there I can not give specific removal suggestions. But a good start is the Microsoft malicious software removal tool.
Hello Everyone,
I agree with aclark95 – sounds like a virus.
The important point here is that the process is consuming an extra-ordinarily large amount of the processor. If it were not (and you were running a Dell machine or SCSI adapter) then it might not be.
When checking services I have always found Google to be a great source of information. Just type in the name and away you go. If you would like a more targeted approach to identifying processes you can go to http://www.liutilities.com/
They consitantly provide good info even in the free write-ups. Here is what they have to say about Service.exe:
Description:
service.exe is a process belonging to the Dell Solution Center which offers worldwide technical support and training for it’s products. This program is important for the stable and secure running of your computer and should not be terminated. This process is also intalled alongside Adaptec SCSI cards, and again should not be terminated unless causing problems. Note: service.exe is also a process which is registered as the Win32.Raleka worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open it?s hostile attachment. The worm has it?s own SMTP engine which means it gathers E-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. Please see additional details regarding this process
I use a program called ProcessExplorer.exe to identify exactly what is draining resources. It shows all running programs running in a directory tree view, so it will identify the specific program running under Services.exe that is draining resources.