I have something called winservs.exe in my start up programs. Zone alarm keeps popping up and asking for access for this . I can't disable this program through start up because it just keeps coming back. I've read all about winserv.exe but winservs.exe does not have the 2 entries in the registry that winserv.exe talks about. Any way I can get rid of this annoying thing? I am using Windows98 Thanks

Don't know much but I know people suggested how to remove WINSERV.EXE manually but that was a big process. I used what is called, 'AD-AWARE' that is basically a spyware TROJAN HUNTER and it found it and cleaned it right off!! Beautiful program!!!
Here's the URL for the program called, AD-AWARE. http://www.lavasoftusa.com

Use it on a regular basis to scan your computer, you'd be surprised to see what it finds on your computer. Basically whatever it finds is good to select as a removal from your computer. Hope it works, let me know!

Run Regedit
Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

In the right panel you should see NetApp = C:\windows\system\winserv.exe

Right click on 'NetApp' and choose Delete.
Close regedit and reboot your PC.

You should now be able to delete winserv.exe (which is the trojan)

Also, since you may have had an intruder inside your pc using the trojan, change all passwords, everywhere.

I found and deleted this file and am still having the same symptoms. I run 98se and everytime the computer is idle for more than a couple of minutes it will automatically shut down as though I pressed ctl-alt-del because scan runs.

Where can I look for more versions of these types of trojan virii?

FWIW the winserv one came in first named "sear1". Another one came from a yahoo group list just this morning called margins.exe. I deleted but just like sear1 it asked if I wanted to install and I said no but it still installed.

thx fubeca12

If you have a trojan on your pc,an anti-trojan program will fix it.Bob mentioned Adaware,it is a good program.Spybot search and destroy does the same thing and more.Both are good.A site like wilders.org and webattack.com have many programs available(and reviews).You can get all kinds of security programs in those places.There are good free programs and also trial versions of pay programs.As for trojan virii info.,I don't know any sites for that.Maybe a Google search would help.Regards,JB

I am using Windows ME and discovered winservs in my startup file after noticing alot of performance problems this weekend. I was able to just move it to the Recycle Bin then delete it. I haven't had a problem since.

I, too, discovered winservs.exe in my startup folder this weekend, and removed it succesfully. There was also some form of log in the \windows\applog folder ... winservs.ldg if I remember correctly.

Has anyone identified this thing? Is it different from winserv.exe? This is the only forum where I have found ANY reference.

Winservs.exe is the executable part of a program called Purity Scan (www.purityscan.com). The software purports to scan your hard drive for pornography.

It also contains an adware element which is not currently detectable by Ad-aware (downloadable from www.lavasoftusa.com).

It is NOT a trojan, and should not be confused with the "winserv.exe" trojan. But it is intrusive and badly coded adware which takes up system resources (it seems to have a memory leak) and apparently goes out the Internet periodically to download ads.

-=Spike

I'm plagued with the same bug. Ad-Aware did not "discover" it.

This forum is also the only place I've found reference to winservs.exe.

I'm not finding any corresponding registry entries. It just resides in my Start Menu\Programs\Startup folder.

I'm wondering if it is also related to a pop-up pestilence I'm suffering. Anyone know if the ad networks clickspring.com or smni.com are involved?

I had success removing this program from my Win98 system. The task needs to be killed before it can be deleted from the Startup folder.

Use CTL-ALT-DEL to open the Close Program window. Highligtht "winservs" and click "End Task" button. Took a couple of attempts since the program doesn't respond - finally task not responding is displayed. Click "End Task" button again.

Use CTL-ALT-DEL to verify winservs is no longer in the task list.

Now you should be able to delete it from the Startup folder (Start->Programs-Startup)

Good luck.

Thank you to ms! We had been bothered by Purity Scan/winservs/sear1.exe for weeks now, unable to remove it. The CTL-ALT-DEL solution described by ms finally got rid of it.

Our system is running better without it, and Pop-up Stopper is once again effective, but our system is still operating on reduced system resources. Are there other files to look for related to this program that might still be on our computer?

Removal of purity scan was the last of several things I removed to get my system back to normal. I found programs called GATOR and CME (more ad stuff) in "C:\program files". I removed these as well. Unfortunately, GATOR is run during system startup and removing it causes an error during startup - not fatal, just annoying. Removal from the startup was a bit tricky because I had to edit the registry to remove the reference.

You might see if either of those are on your system.

ms

My system became a dissaster. Slow, Popups, Programs hardly reacted and every now and again there was this purity scan prog.
Ad-Aware did not recognise the problem. Nor did Norton Antivirus.
After I discovered that winservs was the program responsible for all this I used msconfig to shut it down. That was not that easy. I had over 20 system hangups. Anyway. After a restart I was able to remove the file. My system, Windows 98 SE, is running like it was newly installed. Removing the registry entry was easy. In my system it was hidden in the following key:HKEY_CURRENT_USER\Software\Microsoft\Windows\Current\Version\Explorer\Doc Find Spec MRU
I can't blame Kazaa. Its not on or ever been on my system.

I discovered the winservs.exe a few weeks ago in my startup group. I immediately zapped it. I'm not sure how related it is but my systems (Win2K Servers) are now thoroughly hacked. Account passwords have been changed (by the hackers), emails sent from my accounts, firewall was disabled, my machines were used to attack my Linux webservers, etc. It's been going on for weeks. If the winservs.exe is related, beware. I've logged attacks from more that sixty different IPs with up to three attacks taking place at the same time.

The easiest way to remove this annoying program is to go to task manager (Ctrl-Alt-Del) and stop the process or end the task. Then go to Start > Programs > Startup , Highligh Winservs with mouse pointer and do a right mouse click and Delete Winserv.exe.
LavaSoft ad-aware didn't delete or remove the app after several run of this app. Winservs did not do any registry pokes so you should be fine.