ThreatExpert's awareness of the file "services.exe":

Across all ThreatExpert reports, the file "services.exe" was mostly identified as a threat.
File "services.exe" has the following statistics:
Total number of reports analysed: 611,932
Number of cases that involved the file "services.exe": 4,953
Number of incidents when this file was found to be a threat: 4,690
Statistical volume of cases when "services.exe" was a threat: 95%
Notes:
  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
  • For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.
The file "services.exe" is known to be created under the following filenames:
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "services.exe" has the following possible countries of origin:
Origin | Number of Incidents
China | 206
Iran | 117
Russian Federation | 85
Germany | 21
Brazil | 11
Poland | 9
Spain | 5
Romania | 4
Turkey | 3
Italy | 2
Sweden | 2
Finland | 1
France | 1
Israel | 1
Saudi Arabia | 1
United Kingdom | 1

The following threats are known to be associated with the file "services.exe":
Threat Alias | Number of Incidents
W32/Rontokbro.gen@MM [McAfee] | 80,589
Email-Worm.Win32.Brontok.n [Kaspersky Lab] | 78,130
W32.Rontokbro.U@mm [Symantec] | 74,815
WORM_BRONTOK.BA [Trend Micro] | 69,314
Worm.Brontok.BA [PC Tools] | 33,649
Worm.Brontok.BK [PC Tools] | 29,327
Worm.Brontok.Gen!Pac.3 [PC Tools] | 13,645
WORM_RONTKBR.GEN [Trend Micro] | 9,075
WORM_MYDOOM.GEN [Trend Micro] | 4,006
Email-Worm.Win32.Mydoom.m [Kaspersky Lab] | 4,005
Backdoor.Zincite.A [Symantec] | 3,916
W32.Rontokbro.X@mm [Symantec] | 3,844
W32.Rontokbro@mm [Symantec] | 3,757
W32/MyDoom-O [Sophos] | 3,649
Worm:Win32/Mydoom.O!backdoor [Microsoft] | 3,471
Email-Worm.Win32.Mydoom.m [Ikarus] | 3,382
Win-Trojan/MyDoom.8192 [AhnLab] | 3,204
I-Worm.Brontok.AY [PC Tools] | 2,528
Backdoor.Zincite!sd5 [PC Tools] | 2,225
WORM_BRONTOK.IE [Trend Micro] | 2,020
PE_PARITE.A [Trend Micro] | 1,804
W32/Pate.b [McAfee] | 1,803
Virus.Win32.Parite.b [Kaspersky Lab] | 1,800
Win32.Parite.B [PC Tools] | 1,795
Email-Worm.Win32.Brontok.N [Ikarus] | 1,550
W32.SillyFDC [Symantec] | 1,194
W32/Zaflen.a [McAfee] | 1,073
Worm.VB.FKF [PC Tools] | 1,071
Worm.Win32.VB.gr [Kaspersky Lab] | 1,025
W32/Rontokbr-A [Sophos] | 938
W32/Dzan.c [McAfee] | 731
PE_DZAN.C-O [Trend Micro] | 730
Virus.Win32.Dzan.c [Kaspersky Lab] | 704
I-Worm.Brontok.BM [PC Tools] | 680
Trojan Horse [Symantec] | 557
BackDoor-AVW [McAfee] | 494
W32/Brontok-AE [Sophos] | 430
Email-Worm.Win32.Brontok.q [Kaspersky Lab] | 363
PE_FLUENZA.ART-O [Trend Micro] | 345
Worm.Brontok.Gen.1 [PC Tools] | 331
Worm.VB.DRUS [PC Tools] | 326
WORM_VB.FVY [Trend Micro] | 315
Backdoor.Win32.Prorat.19.i [Kaspersky Lab] | 267
Backdoor.Prorat.AR1 [PC Tools] | 254
Bloodhound.Unknown [Symantec] | 242
TrojanClicker:Win32/Hatigh.C [Microsoft] | 238
IM-Worm.Win32.Sohanad.dz [Kaspersky Lab] | 235
Mal/EncPk-KP [Sophos] | 223
Backdoor.Prorat [Symantec] | 213
Mal/Generic-A [Sophos] | 212
Gen.Packed [Ikarus] | 210
Backdoor.IRC.Flood [PC Tools] | 204
BKDR_PRORAT.F [Trend Micro] | 203
W32.Drowor.B [Symantec] | 201
W32/Drowor-A [Sophos] | 194
Packed.Generic.233 [Symantec] | 190
Generic.dx!fml [McAfee] | 189
W32.Dizan.C [Symantec] | 164
Virus:Win32/Dzan.B [Microsoft] | 137
W32/Dzan-D [Sophos] | 137
Troj/Prorat-19 [Sophos] | 132
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Packer, Mal/Behav-024 [Sophos] | 131
Generic.dx [McAfee] | 124
Backdoor:Win32/Prorat.L [Microsoft] | 121
BKDR_AVW.A [Trend Micro] | 109
W32.Dzan [Ikarus] | 109
Virus.Win32.Virut.ce [Kaspersky Lab] | 108
Win32/Virut.F [AhnLab] | 107
Backdoor.Win32.Prorat.dz [Kaspersky Lab] | 106
W32/Scribble-B [Sophos] | 105
W32/Virut.gen [McAfee] | 102
IM-Worm.Win32.Sohanad [Ikarus] | 99
W32.Virut.CF [Symantec] | 99
Backdoor.Prorat.AX [PC Tools] | 96
BKDR_PRORAT.BL [Trend Micro] | 96
Email-Worm.Brontok!sd5 [PC Tools] | 95
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Behav-024 [Sophos] | 91
Win-Trojan/Xema.variant [AhnLab] | 91
Backdoor.Mydoom.R [PC Tools] | 89
Generic BackDoor [McAfee] | 89
Virus:Win32/Virut.BM [Microsoft] | 85
Backdoor.Win32.Iroffer.cx [Ikarus] | 84
Spammer:Win32/Tedroo.I [Microsoft] | 84
W32.Pasobir [Symantec] | 84
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Behav-024, Mal/Heuri-D, Mal/Emogen-N [Sophos] | 82
Trojan:Win32/Puzlice.A [Microsoft] | 81
Win32/Dzan.B [AhnLab] | 81
Adclicker-GV [McAfee] | 77
W32/Lovelet-AD [Sophos] | 75
W32/Sality-AM [Sophos] | 75
W32/Virut.n.gen [McAfee] | 75
WORM_VB.CBS [Trend Micro] | 75
Worm:Win32/Zaflen.A@mm [Microsoft] | 74
Backdoor.Win32.Iroffer [Ikarus] | 73
Virus:Win32/Sality.AM [Microsoft] | 73
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Emogen-N, Mal/Heuri-D [Sophos] | 73
Trojan.Win32.Delf.aam [Kaspersky Lab] | 72
Backdoor.Win32.mIRC-based.k [Kaspersky Lab] | 71
Troj/VB-EHN [Sophos] | 69
Backdoor.Win32.Prorat [Ikarus] | 68