We received the file WINSRV64.EXE and found that it is unwanted software.
WINSRV64.EXE is adware. You should remove the file WINSRV64.EXE.
Kill the WINSRV64.EXE process and remove WINSRV64.EXE from Windows.
Malware Analysis of WINSRV64.EXE
Full path on a computer: %Local Appdata%\Microsoft\winsrv64\winsrv64.exe
Detected by UnHackMe:
WINSRV64.EXE
Default location: %Local Appdata%\Microsoft\winsrv64\winsrv64.exe
Removal Results: Success
Number of reboots: 1
WINSRV64.EXE is known as:
Adware.WindowsLiveProtect, AdWare.ACP
WINSRV64.EXE hash:
- MD5: 6938cbc9b0a5a3360525d92e66839d41
How to quickly detect the presence of WINSRV64.EXE?
Registry:
- HKLM\Software\Classes\CLSID\{170A20D3-F81A-4195-A8CA-6CD0638ABB44}\InprocServer32\: “C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\winsrv64\WINSRV~1.DLL”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowSRV64: “%Local Appdata%\Microsoft\winsrv64\winsrv64.exe”
Folders:
- %Local Appdata%\Microsoft\winsrv64
Files:
- %Local Appdata%\Microsoft\winsrv64\unins000.dat
- %Local Appdata%\Microsoft\winsrv64\unins000.exe
- %Local Appdata%\Microsoft\winsrv64\wincl.exe
- %Local Appdata%\Microsoft\winsrv64\winsrv64.dat
- %Local Appdata%\Microsoft\winsrv64\winsrv64.exe
- %Local Appdata%\Microsoft\winsrv64\winsrv64_v1.dll