How to remove winserv.exe

» File
File Details
Overview
Analysis

winserv.exe

The module winserv.exe has been detected as Risk.RemoteAdmin

winserv.exe

Remove winserv.exe

File Details

Main Info:

Product Name:	System
Company Name:	tox
MD5:	3f4f5a6cb95047fea6102bd7d2226aa9
Size:	10 MB
First Published:	2022-07-14 23:21:03 (3 years ago)
Latest Published:	2025-08-04 23:01:08 (15 hours ago)

Analysis:

Status:	Risk.RemoteAdmin (on last analysis)
Analysis Date:	2025-08-04 23:01:08 (15 hours ago)

Common Places:

%commonappdata%

%commonappdata%

%commonappdata%

%commonappdata%

%commonappdata%

%commonappdata%

%commonappdata%

%commonappdata%

%commonappdata%

%commonappdata%

Geography:

Russia	52.7%
Ukraine	14.0%
Mexico	5.3%
Brazil	4.3%
Belarus	3.3%
Moldova	1.3%
Germany	1.3%
Colombia	1.0%
Belgium	1.0%
Kazakhstan	1.0%
Algeria	1.0%
Lithuania	1.0%
Montenegro	1.0%
Hungary	1.0%
Morocco	0.7%
Bulgaria	0.7%
Italy	0.7%
Netherlands	0.7%
Canada	0.7%
Australia	0.7%
United Kingdom	0.7%
India	0.7%
Azerbaijan	0.7%
Georgia	0.7%
Portugal	0.7%
Papua New Guinea	0.7%
France	0.7%
Luxembourg	0.3%
Turkey	0.3%
undefined	0.3%
Israel	0.3%
Poland	0.3%
Guatemala	0.3%

OS Version:

Windows 10	96.4%
Windows 7	3.6%

Analysis

PE Info:

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	32
Image Base:	0x00400000
Entry Address:	0x0077b96c

PE Sections:

Name	Size of data	MD5
.tls	10560512	2e7ca63fa88daeae7fd9830b8655abbd
.rsrc	92160	64ab199fce033650bbe20cf75c3e3597
.idata	22528	46c8ceb8f393fdd5b905455c1e58401f

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for winserv.exe

copyright for information about winserv.exe