services.exe safe to remove or not?

Though I agree that the Neuber site describes the Services.exe - Service Control Manager file, I found it a bit confusing myself, so here's the associated description from Wikipedia which provides a bit more complete and organized description.

https://en.wikipedia.org/wiki/Service_Control_Manager

The official Microsoft descriptions for the Service Control Manager are intended for software developers, so they don't describe it in terms of the file name itself, which is why it was difficult for you to find.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms685150%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

https://msdn.microsoft.com/en-us/library/windows/desktop/ms685141(v=vs.85).aspx

Fundamentally, since the Service Control Manager controls all other services, it can be affected either by any of those services or by direct malware injection itself, so it's not simple to tell what's truly causing high utilization or RAM use issues.  For this reason, you typically use malware detection tools instead to try and determine what may be causing the issues if malware is suspected.

However, it's also possible that some misbehaving service or remote device service such as a printer driver could be causing such issues as well.  That's why you'll find so many asking about this executable on the web, but also having no idea what it is like yourself.

< EDIT > Note that if you right-click the Services.exe file in Task Manager and look at properties, it should contain a valid Digital Signature using a Microsoft Windows certificate which chains up to the Microsoft Root Certificate Authority.  The details tab should also contain information indicating that it's part of the Microsoft Windows Operating System and copyright Microsoft Corporation, though these items could be faked if the digital signature isn't present or otherwise not from Microsoft as well.

Rob

Ahh, thank you very much.

I am not sure where to look for the certificate... I right clicked the process and down to properties.

I thought that this section would be the most fitting for the certificate, or am I on the wrong place looking?

The language is swedish, but perhaps you recognize and may be able to see if this is the correct section as to where the certificate should be displayed? It does indeed say Microsoft and Windows... but is this not something that the nasty-program-creators simply can write themselves with ease?

Also, I do not think this is what slows the computer down in this case then, I was just worried because I had read that it was only ment to exist on Windows XP. & Windows Vista.

Therefore I thought that it was very likely that it would be a nasty program in disguise.

So, thank you for your answear, but I think that I should stop further investigation into this matter, as it seems unlikely to be a nasty program.

< EDIT > Note that I have purposefully deleted the original first two paragraphs of this post due to confusion that started in this post and continued into a later post that I have deleted entirely.  Though the rest of this post discusses issues relating to the one above containing the dialog box displaying 0 bytes for the services.exe file, I now believe this was simply a display anomaly and so of little consequence.  I'm leaving the remainder of this post only to provide context and it should otherwise be considered unimportant to any true solution.

And yes, as I mentioned above the Details tab information can easily be faked, so only a Digital Signatures tab and the certificate information contained in it can help to confirm a Microsoft system file.

Another thing I just noticed about your file is that the "storlek" (Size) of the file is listed as zero byte and the "senast andrad" (Date Modified) is blank, while both of these would typically contain at least a few MB and a valid date.

The most interesting thing to me is that even with the size of 0 byte, the file contains information in the details tab, which implies the size is being suppressed.  It's this seemingly inconsistent information that makes me most suspicious of what else this might be hiding.

It's possible that this is handled differently with Windows 7, but I would try to investigate the possibility of malware, especially a rootkit in such a case.  The fact that the file displays as 0 byte means it's either truly empty or possibly contains only Extended file attributes such as an Alternate data streams (ADS) , which I believe might be able to contain hidden malware, though I don't know whether this has been recently successfully exploited by anyone.

In any case, investigating this file on disk directly might add some information, though if it's being blocked from access by some hidden process as part of a rootkit, it might not provide anything different then we're seeing here.

Since you're using Windows 7, running a 3rd-party scanning tool like Malwarebytes Anti-Malware or another online antivirus tool that can detect rootkits might be a useful way to confirm or deny that this is the cause.

Sorry I can't help you any more than this, but I haven't had to examine such a file directly myself, so I'm only mentioning things I can reference from my own experience.

Rob

I have recently noticed that my computer is running much slower than before...

Assuming Win7 64-bit with Internet Explorer 11 (IE11) installed...

We'll need to "dig a little deeper" here. Please answer each of the following [admittedly tedious] diagnostic questions in a correspondingly-numbered list in your very next reply, preferably without quoting my post:

1a. When (approx. date) did you purchase the computer?

1b. Who manufactured the computer (e.g., Dell; HP; Sony; Lenovo)?

1c. Did Win7 64-bit come preinstalled on the computer when you bought it, did you do a clean install of Win7, or did you upgrade a (e.g., Vista; WinXP) computer to Win7?

1d. Has Windows 10 ever been installed?

1e. Have you ever done a Repair Install and/or a clean install of Windows 7?

2. What is the full name of your installed anti-virus application or security suite and when (approx. date) does your current subscription expire? What anti-spyware applications (other than Defender) are installed? What third-party firewall (if any)?

3. Has a(nother) Norton application or a McAfee application EVER been installed on the computer since you bought it?

4. Did a Norton free-trial or a McAfee free-trial [PICK ONE] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

5. Is KB3207752 and/or KB3210131 listed in Installed Updates (not Update History)? [1]

6. Assuming Java is installed => Is Java Version 8 Update 111 (or higher) installed? TEST HERE USING INTERNET EXPLORER ONLY! => http://java.com/en/download/uninstallapplet.jsp [2]

• Java Update: Patch it or pitch it
  http://krebsonsecurity.com/2014/07/java-update-patch-it-or-pitch-it/ 
  
  
• Is it time to disable/uninstall Java?
  http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html

7. Is Adobe Flash Player v24.0.0.186 installed? TEST HERE USING INTERNET EXPLORER ONLY! => http://www.adobe.com/software/flash/about/  

8a. When (exact date) was Internet Explorer 11 installed according to Installed Updates?

8b. What Update Version & KB number are displayed in the second line of text in IE11's Help | About [Alt+H+A] tab; e.g., Update Version: 11.0.99 (KB1231231) ?

8c. Is Firefox version 50.1.0 (or higher) and/or Google Chrome version 55.0.2883.87 (or higher) or any other alternate browser installed?

9. Are you in the habit of using "Registry cleaners" (e.g., Registry Mechanic; System Mechanic; RegCure; RegClean Pro; Advanced SystemCare; Total System Care; Glary Utilities; Registry Booster; McAfee QuickClean; AVG Quick Clean; AVG PC TuneUp; Norton Registry Cleaner; Norton PC Tuneup; PCTools Optimiser; SpeedUpMyPC; FixMyPC; PC Doctor; TuneUp Utilities; WinMaximizer; WinSweeper; Comodo System Cleaner; Advanced System Optimizer; CCleaner Registry Cleaner component)?

==============================================
[1] Start | Control Panel | Programs and Features | View installed updates (in left-hand menu)
[2] No need to install Java if it's not already installed!

I was thinking that as well. It seemed indeed suspicious with the size of the file and no date.

I wonder, perhaps it would be possible to turn off the process & service and see what will happen? As I assume that, if nothing happens, it would most likely not be something that the computer is in need of, and therefore perhaps a nasty-program?

If the computer is behaving weirdly after i stop the service, then I assume that it is just to restart the computer and by so, the service and process should be automatically started again.

Is this any good idé or am I thinking wrongly... do you think?

I am happy for your help on this matter. Thank you!

Hello!

Here goes...

1a. I purchased the computer about 50-55 months ago I think. A little more than two years ago or so.

1b. No one. I was ordering the parts by myself and then connected the parts to a whole computer.

1c. No. With the parts I ordered, I did order a new Win7-install. So, I did not upgrade from an older OS.

1d. No. Only Windows 7.

1e. I am not sure. Last spring my harddrive "broke", so I then installed the Windows 7. to a new harddrive that I am now using. So yes I guess.

2. I am only using Microsoft Security Essentials, and has always been. I am not sure when it expires, I think it wont?

No third party firewall or anti-spyware.

Altough... I have had a nasty-program, I do think. As I have noticed this thing in my computer... but I can not find it in the corresponding folder as in which it ought to be found.

...

The McAfee Application Installer Cleanup, I have never installed it and therefore I suppose it is a nasty-program. As well as it does not display any description. So well, I guess I might have had a anti-spyware if that McAfee counts, but I doubt it is a legit one.

3. See above. Otherwise, no.

4. Well, unless the McAfee above is legit, It did not.

5. Yes. They are both installed.

6. Well, no. I used to have the latest Java. Then I installed an older version of Java (Java 6...) because that was required for a certain application. Nowadays I use version 8 / 91 not 8 / 111;

7. It is installed... but out of date, Flash-Player is version 22,0,0,210.

8a. The date for it is 2016-04-23.

8b. This is what is shown when I go through "About Internet Explorer" inside of the browser.

I was not sure how you ment, but here can the correct KB & Version be found I suppose.

8c. Chrome is outdated and I have trid to install the new updates but it refuses to work. I am stuck on version 49.I do not have Firefox no more.

Very hard to see Vivaldi's text. But ya...

9. No. I used one like four years ago on my old computer. I have never done it on this computer. They are dangerous.

Thank you for the help! How to proceed with this information?

Hmm. I had a bit struggle with understanding the first part.

What is this system.exe file that you are talking about? Do you mean the services.exe?

I discovered it with the Task Manager.

I just found it in the system32 folder, click the link and then click at the image to show it more clearly.

The right information-window belongs to the folder and the left information-window belongs to the properties when I right clicked the service.exe from the Task Manager. They are slightly different. But when I go back to the "Allmänt"-menu, they both identical and both show the size and date. Hmm, weird I must say.

Thanks for trying to help me anyways.

Never mind my last post which I have just deleted, there's no way to improve it since I was confusing two different things based upon something in my previous post, so it's best to simply remove it and ignore that direction.

In fact, I apparently started to get off track while creating that earlier post, so it appears that the display of 0 bytes for the services.exe file in your previous post took me even further off base.  Searching again without that confusion in mind shows that Services.exe still does exist in Windows, with a few posts in other forums here containing issues relating to this file.

So since I have no real additional input at this point, I'd say just continue with PA Bear as you've begun and see if that takes you anywhere.

Rob