W32.Servese
Aliases: Win32.HLLC.Servese, W32/Servese.ow, Win32.HLLC.Servese.23552, W32/HLLC-Serves, Win32/
[email protected]
Variants: PE_SERVESE.A, W32/HLLW.23552, Win32:Servese, Win32/HLLW.Servese, Win32.HLLC.Servese
Classification: Malware
Category: Computer Virus
Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 14 Feb 2002
Damage: High
Characteristics: W32.Servese overwrites executable files with itself when they are opened. It makes a duplicate of the original file before it overwrites. The duplicates have the similar file name but with the .dll extension.
W32.Servese Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer virus removal tool to automatically clean W32.Servese from your computer.
More details about W32.Servese
When the W32.Servese virus is opened, it creates a copy of itself as “\Windows\Services.exe”, then it adds the value “Explorer Services.exe” then it closes. When the W32.Servese program is running as a software program and an executable file is opened, the virus tries to create a duplicate of the executable file. The duplicate has the similar file name as the original, but w/ the .dll extension. Then the virus overwrites the .exe file w/ itself. The W32.Servese virus may exploit the security flaws of the computer. It may particularly disable antivirus and firewall applications. It hides its own processes, files and registry changes using a kernel-mode rootkit. It may also install backdoor applications in the infected computer. These backdoor applications may be used by other worm programs to gain entry in the computer system.
W32.Servese overwrites executable files w/ itself when they’re run. It makes a duplicate of the original file before it changes it. The duplicates have the similar file name but w/ the “.dll extension”. When this virus is opened it creates a duplicate of itself as “WindowsServices.exe”. It then puts the value “Explorer Services.exe” to the registry key. Then, it closes. When the bug is running as a program and an .exe file is opened, the virus tries to make a duplicate of that .exe file. The duplicate has the similar filename as the original, but w/ the “.dll extension”. Then, the virus overwrites the .exe file w/ itself.