What is adminservice.exe/AtherosSvc? Is it a malware/trojan?

Alright, I wanna start off by saying I know this has to be malware already because, for one, when I open Services, all the other programs running on my computer have a description and this one doesn't.

This is what it says when I look at the details.

Service name: AtherosSvc

Display name: AtherosSvc

Description: 

The description is blank, it doesn't say anything, so that's why I'm not putting anything there. It also makes it 10x more weird.

Path to executable: C:\WINDOWS\System32\drivers\AdminService.exe

Startup type: It was (Automatic), but I have since disabled it.

Service Status: It was running but I stopped it.

And when I go to the (Log on) section of the details of this program/file.

It says... 

Log on as: (Local System Account) 

I also checked everything else out about this program, and for recovery it says (Take no action) on first failure, second failure and subsequent failures.

Also for (Dependencies) it says nothing, like it has no dependencies, no programs or anything depend on this, which I also found really strange.

I did a file search. I searched up where this program was located; it was located in system32/drivers.

It was created on: June 26, 2018, 5:03:28 AM

Modified: June 26, 2018, 5:03:28 AM

Accessed: June 26, 2018, 5:03:28 AM

Also the size of this file is: 406 KB (416,072 bytes)

And, The size on disk is: 408 KB (417,792 bytes)

And it's an .exe file. 

I don't know if any of this helps. I'm just including it to make sure this is a legit file or something, or in case this information will help someone help me figure out if this is a safe program/file or not.

I went to the details of the file and for copyright it says: Microsoft Corporation. All Rights reserved. 

So if this is a legit Microsoft file by any chance, then it's extremely sketchy.

Also the original file name is: SETUPAPI.DLL

And I already did a full virus/malware scan with Malwarebytes, and I'm currently doing a full scan with Windows Defender, then I'm gonna do a full scan with Bitdefender, so hopefully it detects something, but if anyone can help me out that would be greatly appreciated.

* Moved from virus & malware

Answer

Best online description of this file that I found was at the following, though I wouldn't ever trust any advertising or other offers to run a free scan or otherwise analyze your system found on such 3rd-party pages.  In other words, don't click any links or accept any popup "scans" or other items displayed.

https://www.file.net/process/adminservice.exe.html

Since your own description indicates the file was created, modified and last accessed June 26, 2018, 5:03:28 AM, I'd bet this would mirror many other files found in the same System32\drivers folder, since that's a common pattern for files that were originally installed when Windows was set up or upgraded on a system.

Based on the Microsoft copyright, I'd suspect this was either an upgrade or at least a Microsoft distribution of Windows 10 rather than an original installation by the manufacturer (Dell?) of the PC itself.

Such driver files not containing complete description information still isn't an uncommon occurrence, though as a driver included with Windows, especially one copyrighted by Microsoft, I'd expect it to be digitally signed with a certificate likely associated with Microsoft as well.  If that's true, I'd immediately lose all concern, since faking a digital signature is extremely difficult and unlikely.

As for randomly "disabling a lot of programs" in Windows system services, this is a known recipe for disaster and most commonly results in the need to Reset or possibly completely reinstall Windows, since making changes without knowledge and especially full documentation of each modification becomes nearly impossible to repair manually.

In other words, leave Windows files and settings alone unless you've fully investigated and discussed those specific changes here or somewhere else with a trusted professional first.  Most of us would simply say leave them alone, since that's how we operate our own systems for best operational stability and performance.

Rob

12 people were helped by this reply
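
The two checks the answer relies on (a digital signature on the file, and creation timestamps shared with other files in the same folder) can be read directly from the system. The script below is an added example, not part of the original question or reply; it only reads information, and the 10-minute timestamp window and the output field names are assumptions chosen for illustration.

```powershell
# Added example: read-only triage of one service binary (elevated 64-bit prompt).
param([string]$ServiceName = 'AtherosSvc')   # service name from the question

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }

# PathName may be quoted and carry arguments; keep only the executable path.
if ($svc.PathName -match '^\s*"?(.+?\.exe)') {
    $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
} else {
    throw "Cannot parse an executable path from: $($svc.PathName)"
}
$file = Get-Item -LiteralPath $exe
$sig  = Get-AuthenticodeSignature -LiteralPath $exe

# Files written by the same setup or upgrade run tend to share a creation time.
# The 10-minute window is an assumption for this example.
$sameRun = @(Get-ChildItem -LiteralPath $file.DirectoryName -File |
    Where-Object {
        $_.FullName -ne $file.FullName -and
        [math]::Abs(($_.CreationTime - $file.CreationTime).TotalMinutes) -le 10
    })

[pscustomobject]@{
    Service                 = $svc.Name
    StartMode               = $svc.StartMode
    State                   = $svc.State
    LogOnAs                 = $svc.StartName
    Path                    = $file.FullName
    SignatureStatus         = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
    Signer                  = $sig.SignerCertificate.Subject   # empty when the file is unsigned
    CompanyName             = $file.VersionInfo.CompanyName
    Copyright               = $file.VersionInfo.LegalCopyright
    OriginalFilename        = $file.VersionInfo.OriginalFilename
    NameMatchesOriginal     = ($file.Name -eq $file.VersionInfo.OriginalFilename)
    SHA256                  = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    FilesCreatedWithin10Min = $sameRun.Count
} | Format-List
```

A `SignatureStatus` of `Valid` together with a recognisable `Signer` is the condition the reply describes; `NotSigned` or `HashMismatch` means the file needs a closer look before it is trusted.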


Question Info

Last updated: August 3, 2020. Views: 15,224.