appsvc.exe?

Discussion in 'Windows 7 Help and Support' started by kyler211, Feb 24, 2014.

  1. kyler211

    kyler211 New Member

    Joined:
    Feb 24, 2014
    Messages:
    24
    Likes Received:
    0
    It didn't change my disk space.
     
  2. kyler211

    kyler211 New Member

    Joined:
    Feb 24, 2014
    Messages:
    24
    Likes Received:
    0
    OK, I managed to fit it in. I'm scanning it now; I'll leave it overnight since it looks like it's gonna take a while.
     
  3. kyler211

    kyler211 New Member

    Joined:
    Feb 24, 2014
    Messages:
    24
    Likes Received:
    0
    I have no idea how to get the log; the export log thing just sends some stuff to my email, which is not the log, so I just took a picture of the scan.
    [​IMG]
     
  4. patcooke

    patcooke Microsoft MVP
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    May 16, 2010
    Messages:
    5,456
    Likes Received:
    268
    Did you try running the clean button?
     
  5. kyler211

    kyler211 New Member

    Joined:
    Feb 24, 2014
    Messages:
    24
    Likes Received:
    0
    It says I need to purchase it to access that feature.
     
  6. Tr1et

    Tr1et New Member

    Joined:
    Apr 15, 2014
    Messages:
    1
    Likes Received:
    0
    @kyler211, I encountered the same problem as you: I couldn't install any antivirus on my computer (yes, any antivirus), and Malwarebytes had the same problem as yours. I fixed it by running this program, Windows Repair All in One (tweaking.com), letting it repair, and restarting the PC. Then I could run Malwarebytes (still can't install any antivirus), and Malwarebytes reported appsvc.exe as malware and quarantined it, and everything is back to normal.
     
  7. Fixer1234

    Fixer1234 Senior Member

    Joined:
    Aug 3, 2012
    Messages:
    481
    Likes Received:
    37
    This thread goes back a few weeks and has morphed into tangential problems. Let me go back to the original issue and raise the question of whether there is an actual problem. The original issue was that Trend Micro identified appsvc.exe as a trojan.

    First question: could appsvc.exe be a legit program on this computer? If it is supposed to be there, it would have come pre-installed as part of Lenovo ReadyComm 5. These links describe what it is, where it should be on the computer, what other files you should find with it, etc.: http://www.shouldiremoveit.com/lenovo-readycomm-5-13720-program.aspx and, for more comprehensive information on appsvc.exe specifically: http://processchecker.com/file/AppSvc.exe.html
    If ReadyComm is not installed, then appsvc.exe is a trojan that shouldn't be there.

    If ReadyComm is installed, the next question is: is the appsvc.exe that you're seeing the real thing or an imposter? It could be the real thing, it could be a trojan replacement, or both could be on the computer.

    • Trend Micro may be flagging a legit program as malware. False positives are not uncommon; legit software can use some of the same programming tricks that are exploited by malware and the program gets flagged. The Trend Micro page for the trojan it claims to find identifies a specific file, doekeu.exe, that is supposed to be the issue. The only reference I can find to that file is from Trend Micro, so it is not clear whether that is a known malware file or legit software that Lenovo uses as part of ReadyComm. You could look to see if that file is actually on your computer and check with Lenovo as to whether it is part of their package.
    • Trend Micro could have found a real trojan, deleted or quarantined it, and what you are seeing now could be the real thing.
    Use Task Manager to identify the appsvc.exe that is running. Is it in the right directory, the right version number, size, etc. to be the real thing? If so, you may be chasing a false positive or a ghost that Trend Micro already fixed. If not, the one that is running is a trojan.

    Third question: should you delete it? If you are not comfortable that you have ruled out an active trojan, should you just delete the program and be done with it? ReadyComm looks like it serves a useful but not critical function. If you did delete it, your computer would continue to work, but you would lose a resource to help configure and manage network connectivity. I would still follow patcooke's advice of renaming rather than deleting. If you have established that appsvc.exe is actually a trojan, it may not be critical to remove it. Trend Micro rates it low for risk and potential damage, so if you are unable to remove it, it probably would not be catastrophic.


    Fourth question: how to remove it if you have determined that you should? Things that are really a threat are normally deleted or quarantined automatically. Things that are not a serious threat and/or could be a false positive are sometimes flagged for your approval to quarantine. Trend Micro should at least offer the option to handle the trojan. If not, there are several ways to proceed.

    This thread went off on a tangent regarding problems trying to load mbam. That's another issue. In terms of this trojan warning, there is no guarantee that another AV would recognize this trojan or consider it a threat. If it did, that would be a simple solution (assuming you solve the mbam problem). If it didn't, you wouldn't know whether Trend Micro was a better AV program or this trojan is really a non-issue.

    There would be several ways to disable the trojan manually. As mentioned, renaming appsvc.exe is one. Another would be to rename or delete doekeu.exe if you have determined that it should not be there. This link provides the location: http://about-threats.trendmicro.com/us/malware/TROJ_HIDEFIL.BMC

    The ReadyComm link in the second paragraph shows where the hooks are that load appsvc at startup. The link in the previous paragraph shows where the registry entries are for doekeu.exe.
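
The Task Manager check described in the post above (directory, version, size of the running appsvc.exe), written as a PowerShell script that works on Windows 7. This is an added example, not part of any post in the thread; the expected directory is a placeholder to fill in from the reference links, and the signature and SHA-256 fields go beyond what the post lists.

```powershell
# Added example: report details of every running appsvc.exe so they can be
# compared with the vendor's reference information.
# $ExpectedDir is a placeholder (assumption): take the real value from the
# reference pages linked in the thread.
param(
    [string]$Name = 'appsvc.exe',
    [string]$ExpectedDir = '<expected install directory>'
)

function Get-Sha256([string]$Path) {
    # Get-FileHash needs PowerShell 4+, so hash with .NET directly
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

# Win32_Process exposes the full image path, which Task Manager hides by default
$procs = Get-WmiObject Win32_Process -Filter "Name = '$Name'"
if (-not $procs) { Write-Output "No running process named $Name"; return }

foreach ($p in $procs) {
    $path = $p.ExecutablePath
    if (-not $path) {
        # Empty when the shell lacks rights to query the process
        Write-Output "PID $($p.ProcessId): path unavailable, rerun elevated"
        continue
    }
    $file   = Get-Item -LiteralPath $path
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    New-Object PSObject -Property @{
        ProcessId     = $p.ProcessId
        Path          = $path
        InExpectedDir = ((Split-Path $path -Parent) -eq $ExpectedDir.TrimEnd('\'))
        FileVersion   = $file.VersionInfo.FileVersion
        Company       = $file.VersionInfo.CompanyName
        SizeBytes     = $file.Length
        Signature     = $sig.Status
        Signer        = $signer
        SHA256        = (Get-Sha256 $path)
    } | Format-List
}
```

Two result blocks with different paths mean both a genuine and a second copy are running, the "both could be on the computer" case from the post.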
     
