Windows 7 appsvc.exe?
- Thread starter kyler211
- Start date
@kyler211, I encoutered same problem as you, I couldnt install any antivirus on my computer (yes any antivirus), malwarebyte has the same problem as you. I fixed it by run this program Windows Repair All in One (tweaking.com), let it repair and restart PC, then I can run Malwarebyte (still cant install any antivirus) and Malwarebyte report appsvc.exe is malware, quarantine it and everything back to normal.
This thread goes back a few weeks and has morphed into tangential problems. Let me go back to the original issue and raise the question of whether there is an actual problem. The original issue was that Trend Micro identified appsvc.exe as a trojan.
First question: could appsvc.exe be a legit program on this computer. If it is supposed to be there, it would have come pre-installed as part of Lenovo ReadyComm 5. These links describe what it is, where it should be on the computer, what other files you should find with it, etc.: http://www.shouldiremoveit.com/lenovo-readycomm-5-13720-program.aspx and more comprehensive information of appsvc.exe, specifically: http://processchecker.com/file/AppSvc.exe.html
If ReadyComm is not installed, then appsvc.exe is a trojan that shouldn't be there.
If ReadyComm is installed, the next question is: is the appsvc.exe that you're seeing the real thing or an imposter. It could be the real thing, it could be a trojan replacement, or both could be on the computer.
Third question: should you delete it? If you are not comfortable that you have ruled out an active trojan, should you just delete the program and be done with it? ReadyComm looks like it serves a useful but not critical function. If you did delete it, your computer would continue to work, you would lose a resource to help configure and manage network connectivity. I would still follow patcooke's advice of renaming rather than deleting. If you have established that appsvc.exe is actually a trojan, it may not be critical to remove it. Trend Micro rates it low for risk and potential damage so if you are unable to remove it, it probably would not be catastrophic.
Fourth question: how to remove it if you have determined that you should? Things that are really a threat are normally deleted or quarantined automatically. Things that are not a serious threat and/or could be a false positive are sometimes flagged for your approval to quarantine. Trend Micro should at least offer the option to handle the trojan. If not, there are several ways to proceed.
This thread went off on a tangent regarding problems trying to load mbam. That's another issue. In terms of this trojan warning, there is no guarantee that another AV would recognize this trojan or consider it a threat. If it did, that would be a simple solution (assuming you solve the mbam problem). If it didn't, you wouldn't know whether Trend Micro was a better AV program or this trojan is really a non-issue.
There would be several ways to disable the trojan manually. As mentioned, renaming appsvc.exe is one. Another would be to rename or delete doekeu.exe if you have determined that it should not be there. This link provides the location: http://about-threats.trendmicro.com/us/malware/TROJ_HIDEFIL.BMC
The ReadyComm link in the second paragraph shows where the hooks are that load appsvc at startup. The link in the previous paragraph shows where the registry entries are for doekeu.exe.
First question: could appsvc.exe be a legit program on this computer. If it is supposed to be there, it would have come pre-installed as part of Lenovo ReadyComm 5. These links describe what it is, where it should be on the computer, what other files you should find with it, etc.: http://www.shouldiremoveit.com/lenovo-readycomm-5-13720-program.aspx and more comprehensive information of appsvc.exe, specifically: http://processchecker.com/file/AppSvc.exe.html
If ReadyComm is not installed, then appsvc.exe is a trojan that shouldn't be there.
If ReadyComm is installed, the next question is: is the appsvc.exe that you're seeing the real thing or an imposter. It could be the real thing, it could be a trojan replacement, or both could be on the computer.
- Trend Micro may be flagging a legit program as malware. False positives are not uncommon; legit software can use some of the same programming tricks that are exploited by malware and the program gets flagged. The Trend Micro page for the trojan it claims to find identifies a specific file, doekeu.exe, that is supposed to be the issue. The only reference I can find to that file is from Trend Micro, so it is not clear whether that is a known malware file or legit software that Lenovo uses as part of ReadyComm. You could look to see if that file is actually on your computer and check with Lenovo as to whether it is part of their package.
- Trend Micro could have found a real trojan, deleted or quarantined it, and what you are seeing now could be the real thing.
Third question: should you delete it? If you are not comfortable that you have ruled out an active trojan, should you just delete the program and be done with it? ReadyComm looks like it serves a useful but not critical function. If you did delete it, your computer would continue to work, you would lose a resource to help configure and manage network connectivity. I would still follow patcooke's advice of renaming rather than deleting. If you have established that appsvc.exe is actually a trojan, it may not be critical to remove it. Trend Micro rates it low for risk and potential damage so if you are unable to remove it, it probably would not be catastrophic.
Fourth question: how to remove it if you have determined that you should? Things that are really a threat are normally deleted or quarantined automatically. Things that are not a serious threat and/or could be a false positive are sometimes flagged for your approval to quarantine. Trend Micro should at least offer the option to handle the trojan. If not, there are several ways to proceed.
This thread went off on a tangent regarding problems trying to load mbam. That's another issue. In terms of this trojan warning, there is no guarantee that another AV would recognize this trojan or consider it a threat. If it did, that would be a simple solution (assuming you solve the mbam problem). If it didn't, you wouldn't know whether Trend Micro was a better AV program or this trojan is really a non-issue.
There would be several ways to disable the trojan manually. As mentioned, renaming appsvc.exe is one. Another would be to rename or delete doekeu.exe if you have determined that it should not be there. This link provides the location: http://about-threats.trendmicro.com/us/malware/TROJ_HIDEFIL.BMC
The ReadyComm link in the second paragraph shows where the hooks are that load appsvc at startup. The link in the previous paragraph shows where the registry entries are for doekeu.exe.
Similar threads
