6.2.9200.16384 (win8_rtm.120725-1247) 1.02%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.12%
6.1.7600.16385 (win7_rtm.090713-1255) 30.46%
6.1.7600.16385 (win7_rtm.090713-1255) 54.86%
6.0.6000.16386 (vista_rtm.061101-2205) 8.27%
6.0.6000.16386 (vista_rtm.061101-2205) 0.06%
6.0.6000.16386 (vista_rtm.061101-2205) 0.54%
6.0.6000.16386 (vista_rtm.061101-2205) 1.86%
6.0.6000.16386 (vista_rtm.061101-2205) 0.06%
5.2.3790.4455 (srv03_sp2_gdr.090203-1205) 0.06%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710) 0.06%
5.1.2600.5755 (xpsp_sp3_qfe.090206-1316) 2.40%
5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) 0.06%
5.1.2600.3311 (xpsp.080212-0005) 0.06%
5.1.2600.3300 (xpsp.080125-2028) 0.06%
5.1.2600.3244 (xpsp.071030-1537) 0.06%



Services and Controller app by Microsoft

Remove services.exe
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Warning 35 antivirus scanners has detected malware in various versions of services.exe.


services.exe has 16 known versions, the most recent one is 6.2.9200.16384 (win8_rtm.120725-1247). It is started as a Windows Service called 'Plug and Play' with the name 'PlugPlay' and described as “Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). This is executed as a shared service (which simply means that this service can share a process with other Win32 services). The average file size is about 235.78 KB. During the process's lifecycle, the typical CPU resource utilization is about 0.0037% including both foreground and background operations, the average private memory consumption is about 6.68 MB with the maximum memory reaching around 10.32 MB. Addionally, typically read and write I/O disk operations is about 8.46 KB per minute for reads and 23.48 KB per minute for writes.

What is services.exe?

Service Control Manager (SCM) is a special system process which starts, stops and interacts with Windows service processes. The SCM executable, Services.exe, runs as a Windows console program, and is launched by the Wininit process early during the system startup.


File name:services.exe
Publisher:Microsoft Corporation
Product name:Services and Controller app
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\services.exe
Original name:services.exe.mui
Windows Service
Service name:PlugPlay
Display name:Plug and Play
Description:“Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.”


(Note, the behaviors below are for all versions of services.exe, select a unique version for details.)
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
  • 'PlugPlay' (Plug and Play)
  • 'Eventlog' (Event Log)

MalwareMalware detections

Based on 40+ industry antivirus scanners, 35 of them detected the following malware.
Antivirus engineEngine versionDetectionFile version
Avira AntiVir W32/Patched.UB 6.0.6000.16386 (vista_rtm.061101-2205)
Antiy Labs AVL Virus/Win32.ZAccess.gen 6.0.6000.16386 (vista_rtm.061101-2205)
avast! 8.0.1489.320 Win32:Sirefef-AII [Rtk] 6.0.6000.16386 (vista_rtm.061101-2205)
AVG 2014.0.3629 Patched_c.LYT 6.0.6000.16386 (vista_rtm.061101-2205)
BitDefender 7.2 Trojan.Patched.Sirefef.C 6.0.6000.16386 (vista_rtm.061101-2205)
Clam AntiVirus Trojan.Zeroaccess-496 6.0.6000.16386 (vista_rtm.061101-2205)
Commtouch W32/Backdoor.NKMQ-3542 6.0.6000.16386 (vista_rtm.061101-2205)
Comodo Internet Security 16515 UnclassifiedMalware 6.0.6000.16386 (vista_rtm.061101-2205)
Dr.Web BackDoor.Maxplus.5220 6.0.6000.16386 (vista_rtm.061101-2205)
Emsisoft Anti-Malware Trojan.Patched.Sirefef.C (B) 6.0.6000.16386 (vista_rtm.061101-2205)
eSafe Win32.Trojan 6.0.6000.16386 (vista_rtm.061101-2205)
ESET NOD32 7.8505 Win32/Sirefef.FB.Gen 6.0.6000.16386 (vista_rtm.061101-2205)
Fortinet W32/ZAccInf.B!tr 6.0.6000.16386 (vista_rtm.061101-2205)
F-Secure 11.0.19100.45 Virus:W32/ZeroAccess.B 6.0.6000.16386 (vista_rtm.061101-2205)
G Data 13.6.22 Trojan.Patched.Sirefef.C 6.0.6000.16386 (vista_rtm.061101-2205)
Ikarus T3. Trojan.Patched_c 6.0.6000.16386 (vista_rtm.061101-2205)
K7 AntiVirus 9.170.8927 Trojan 6.0.6000.16386 (vista_rtm.061101-2205)
K7GW Trojan 6.0.6000.16386 (vista_rtm.061101-2205)
Kaspersky Virus.Win32.ZAccess.m 6.0.6000.16386 (vista_rtm.061101-2205)
Malwarebytes Rootkit.0Access 6.0.6000.16386 (vista_rtm.061101-2205)
McAfee 5.400.1158 ZeroAccess.ds.gen.c 6.0.6000.16386 (vista_rtm.061101-2205)
McAfee Gateway Anti-Malware v2013-dat ZeroAccess.ds.gen.c 6.0.6000.16386 (vista_rtm.061101-2205)
Microsoft Security Essentials 1.9607.0 Virus:Win32/Sirefef.R 6.0.6000.16386 (vista_rtm.061101-2205)
eScan by MicroWorld Trojan.Patched.Sirefef.C 6.0.6000.16386 (vista_rtm.061101-2205)
Norman 7.01.04 ZAccInf.A 6.0.6000.16386 (vista_rtm.061101-2205)
Panda Antivirus W32/SirefefP 6.0.6000.16386 (vista_rtm.061101-2205)
PC Tools Trojan.Zeroaccess 6.0.6000.16386 (vista_rtm.061101-2205)
Sophos 4.90.0 Troj/ZAccInf-B 6.0.6000.16386 (vista_rtm.061101-2205)
Symantec 20131.1.0.101 Trojan.Zeroaccess!inf 6.0.6000.16386 (vista_rtm.061101-2205)
The Hacker None Trojan/Sirefef.FB.gen 6.0.6000.16386 (vista_rtm.061101-2205)
Total Defense 37.0.10487 Win32/Sirefef!patched 6.0.6000.16386 (vista_rtm.061101-2205)
Trend Micro 9.740.0.1012 Mal_Siref32 6.0.6000.16386 (vista_rtm.061101-2205)
Trend Micro HouseCall 9.700.0.1001 Mal_Siref32 6.0.6000.16386 (vista_rtm.061101-2205)
VIPRE Antivirus 19140 Virus.Win32.Sirefef.r (v) 6.0.6000.16386 (vista_rtm.061101-2205)
ViRobot 2011.4.7.4223 Win32.ZeroAccess.A 6.0.6000.16386 (vista_rtm.061101-2205)

VersionsAll file variations of services.exe

MD5SHA-1File size
575fb4211bb07db7d2179b1b05fe7efd ab3281274730d34ba320bcd91257867c56a2b2cc 325.5 KB
d7fdea92974e3f5295101eb619bdd268 dcf46c116937c420ae3bf1c04013e226d74a55d8 327.5 KB
5f1b6a9c35d3d5ca72d6d6fdef9747d6 54a90c371155985420f455361a5b3ac897e6c96e 253 KB
24acb7e5be595468e3b9aa488b9b4fcb a5b16a7d28d2ba79a9ccfc16ed480ad75a757166 321 KB
d4e6d91c1349b7bfb3599a6ada56851b d1fdd47a13a50805ed4e3d17816c2cd036503421 273 KB
dfac660f0f139276cc9299812de42719 4c9f1d8da9dd96e9d95cc546b92573e99b272c30 375.5 KB
329cf3c97ce4c19375c8abcabae258b0 33e6d6e00de7c2d77da48d13cd7ddc98f2bfadb4 273 KB
934e0b7d77ff78c18d9f8891221b6de3 a1af1d6829236b5bd9980175f8aedd9f9ff3f4b0 375.5 KB
8737764f4fd36d6808ee80578409c843 653e37bb2ae7df6bbe5f62aa0bd2566c684cc259 273 KB
1e07ee3f50dff2fe9b0a9d196e82698f 5870b172a9241ea3f73fd0181c0b6d72a17c3f13 222.5 KB
d255e0ddb63a6223bfd8057266380017 e6a0205cec24abcd43a3595fb474b41d798f6829 219 KB
020ceaaedc8eb655b6506b8c70d53bb6 6da7935a38dbc2a02e85b012ce39215e34f4576f 108 KB
1427365eff6f4758ddc88388045e8400 c794f0b1d0cd760f4e2057d9075aeafa70a4bd6b 108 KB
3bf0df2d99ee82b08c1e76b72fa562c7 6bc23e940a2314622c6fa765f961d6d801f06253 106 KB
c66f8642b4368436e1c5b6add83f5899 dc57727670f7a07269be32b43d3e4b7e0dc64dbf 106 KB
18fb4870d9b53aedab08fb404133a1c5 8921243895b208576b5ae05142a04acbc246568b 106 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 49.00%
Windows 7 Ultimate 29.25%
Windows 7 Professional 10.00%
Windows Vista Home Premium 4.00%
Windows 7 Home Basic 3.00%
Windows 7 Starter 0.75%
Windows 8 Pro 0.75%
Windows 7 Enterprise 0.75%
Windows Seven Black Edition 0.50%
Windows Vista Home Basic 0.50%
Windows Vista Ultimate 0.50%
Windows Se7en Titan 0.25%
Windows 8 Pro with Media Center 0.25%
Windows Vista Business 0.25%
Windows 8 0.25%

Distribution by countryDistribution by country

United States installs about 39.65% of Services and Controller app.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 21.60%
Hewlett-Packard 17.32%
ASUS 17.13%
Acer 12.85%
Toshiba 9.31%
Sony 6.33%
Lenovo 4.10%
Samsung 2.05%
Intel 1.86%
MSI 1.12%
Alienware 0.74%
Medion 0.74%
American Megatrends 0.56%
Sahara 0.37%
Gateway 0.37%
NEC 0.37%
Compaq 0.37%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE