services.exe - Service Manager
The Windows Service Control Manager (SCM) process, services.exe, manages the system-level services that support various components of the OS. It starts the services listed as "automatic" in the Services control panel when the machine is booted, and shuts these same services down cleanly before the machine is powered off.
Additionally, services.exe will automatically restart any services that are terminated incorrectly (i.e. from Task Manager) in order to maintain a stable operating environment. If a user needs to terminate a service, the Services control panel (services.msc) should be used; otherwise services.exe will view the service as crashed and will attempt to restart it.
Activity logged by the SCM can be found in the System tab of the Windows Event Viewer. Messages with a "Source" of Service Control Manager reflect changes to running services. If services on your machine are entering an undesirable state, the Event Viewer can help determine the origin of the problem.
Services.exe is a legitimate and very necessary component of the Windows OS. It should not be halted, altered, or disabled in any way since this may result in an unstable machine. The valid copy of services.exe can be found in C:\windows\system32. Copies of this file found in other directories denote the presence of malware such as a virus or keylogger. Several known malware applications attempt to hijack the services.exe file name, while others are named "service.exe" (no "s" at the end). These are known to include W32/Leave.B, W32.Randex.R, W32.HLLW.Kazping, and W32.XTC.Worm (as designated by Symantec).
The legitimate copy of services.exe should always run under the SYSTEM user ID when viewed in Task Manager. Copies that run under another user ID are almost certainly viruses and should be examined closely.
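The path and user ID checks described above, along with a look at the Service Control Manager entries in the System log, can be scripted. The PowerShell below is an added example, not part of the original page; it assumes an elevated prompt, and the event IDs 7031 and 7034 (unexpected service termination) are supplied here rather than taken from the page.

```powershell
# Added example: compare every process named services.exe, or the lookalike
# service.exe, against the expected image path and owning account.
$expected = Join-Path $env:SystemRoot 'System32\services.exe'

Get-CimInstance Win32_Process -Filter "Name='services.exe' OR Name='service.exe'" |
ForEach-Object {
    # GetOwner can fail without elevation; treat that as "unknown", not "bad".
    $o    = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
    $user = if ($o -and $o.ReturnValue -eq 0) { $o.User } else { $null }

    $findings = @()
    if ($_.Name -ieq 'service.exe') {
        $findings += 'lookalike name (no trailing s), review'
    }
    if ($_.ExecutablePath -and $_.ExecutablePath -ine $expected) {
        $findings += 'image is outside system32'
    }
    if ($user -and $user -ine 'SYSTEM') {
        $findings += 'not running as SYSTEM'
    }
    if (-not $_.ExecutablePath -or -not $user) {
        $findings += 'path or owner unreadable, rerun elevated'
    }

    [pscustomobject]@{
        ProcessId = $_.ProcessId
        Name      = $_.Name
        Path      = $_.ExecutablePath
        Owner     = $user
        Findings  = if ($findings) { $findings -join '; ' } else { 'matches expected' }
    }
} | Format-Table -AutoSize -Wrap

# Recent SCM records of services that stopped unexpectedly (System log,
# source "Service Control Manager"). Prints nothing if there are none.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7031, 7034
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

A row whose Findings column reads anything other than "matches expected" is a lead for closer examination, not a verdict: a third-party program can legitimately be named service.exe.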
As always, if you suspect a malware infestation you should download and run a current copy of an antivirus/malware scanner in order to isolate and remove the offending application. Be sure to obtain the most recent definition files, since these are critical to the removal of current malware variants.