# What is "wscsvc", and should I disable it?



## SaiZo (Dec 18, 2011)

I am starting to experience massive problems with my machine, things stopped working (firewall, windows defender..).

Noticed this under "services": *wscsvc*, also.. There is no description. Googled it, found from Bleepingcomputer this is 'harmful' to my system. True or false?


----------



## temp02 (Dec 18, 2011)

I recall seeing some process with a name similar to that on a machine that was using a D-Link USB wireless card, but I think there was a Z somewhere on that name so I'm gonna go with the next thing that _fits_, Windows Security Center. On a XP machine I always disable it, since it gives no better "experience", hell, even on 7 I have it disabled but I don't use Security Essentials, so don't know if it's needed by MSE to run. If you are running MSE and it does not need Security Center active or if you are using other virus scan/protection suite/software, just disable Security Center and preform a full scan for virus just to be sure (remmember to update your anti-virus virus definitions before the scan).
Good luck.


----------



## Arctucas (Dec 18, 2011)

@SaiZo,

What Windows version?

I have no wscsvc in Services on Win7 x64, but I do have Security Center that references WSCSVC.

Can you run Malwarebytes or HitmanPro?


----------



## CrAsHnBuRnXp (Dec 18, 2011)

http://www.bleepingcomputer.com/startups/wscsvc.exe-12888.html

http://forums.techguy.org/general-security/853985-wscsvc-exe-problem.html

Get rid of it. Run malwarebytes.


----------



## Red_or_Dead (Dec 18, 2011)

i have it on my win7 64 system, its fine, its a windows security protocol


----------



## SaiZo (Dec 18, 2011)

Windows 7, x64. Can't reach / get into Firewall and or Windows Defender.
Thanks, will run MalwareBytes (again..), disabled app. (stopped it as well).


----------



## SaiZo (Dec 18, 2011)

Red_or_Dead said:


> i have it on my win7 64 system, its fine, its a windows security protocol



Ok.. Now what the he.. One say it is harmful, others say it's ok. So, why can't I get into firewall or defender?!??!


----------



## CrAsHnBuRnXp (Dec 18, 2011)

Red_or_Dead said:


> i have it on my win7 64 system, its fine, its a windows security protocol


I dont have it.


----------



## Kreij (Dec 18, 2011)

I have in on my machine under services.
If you right click on it and jump to processes it will take you to the process that started it.
On mine it's svchost


----------



## 95Viper (Dec 18, 2011)

Use Autoruns (part of the SysInternals from MS, now).
It will show process, services, and a lot of other info/details.
You can,also, have it verify the files.
Plus, it will allow some control over them.
If you have trouble with turning the objects/services/etc. on/off or deleting entries(careful) run as administrator.

Quote from the Autoruns program:


> wscsvc	The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer.  The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service.  The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel.  Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions.  The service also has a public API that allows external consumers to programmatically retrieve the aggregated security health state of the system.	(Verified) Microsoft Windows	c:\windows\system32\wscsvc.dll


----------



## scaminatrix (Dec 19, 2011)

Most likely the reason some places say it's "harmful" is because there has been a virus that's latched onto wscscv to evade detection or spread (if this is the right terminology). Because of this, it's sometimes been reported as infected; therefore harmful. I've noticed that some sites have said svchost is harmful lol

By the way, wscsvc is the Windows Security Center Service. At least that's what is called in my Task Manager.

EDIT: ^ I should have read all posts


----------



## johnspack (Dec 19, 2011)

I have it as well,  but only as a dll.  I think there may be an exe that masquerades as it,  and is malicious.  I have my win7 set to show all system files ect,  so that's what I find is the dll for windows security center service,  and no exes show up.


----------



## SaiZo (Dec 19, 2011)

I just can't get into windows firewall (Error code 0x80070424) start it's "advanced settings" 
(Error code 0x6D9) or start Windows Defender (Error code 0x80070424 - _The specified service does not exist as an installed service_. 

Can't install ESET. Have run MalwareBytes, and now running SUPERAntiSpyware..

Guess I'm out of hope.


----------



## Arctucas (Dec 19, 2011)

Just to be clear, when I said I dd not have a service called wscsvc, I meant running services.msc, not the services tab in taskmanager.

I do have a wscsvc in the taskmanager services tab, but it has the description of 'Security Center'.

If you cannot get antivirus applications to install, or Windows firewall or Defender to run, you may be infected.

Also try HitmanPro.

If nothing works, the best option, in my opinion, is to wipe the drive and do a fresh install of Windows.


----------



## SaiZo (Dec 19, 2011)

Arctucas said:


> Just to be clear, when I said I dd not have a service called wscsvc, I meant running services.msc, not the services tab in taskmanager.
> 
> I do have a wscsvc in the taskmanager services tab, but it has the description of 'Security Center'.
> 
> ...



Thanks for the reply... But that is an option I just can't do right now, I have no place to store some of my files.
I haven't even noticed anything, the Windows Defender was updated not long ago aswell.

Also.. I have this: Windows firewall Error code 0x80070424

*EDIT:* Alright, now we are getting somewhere! I have managed to enable Windows Defender!  
Now, let's try and get Windows Firewall working..


----------



## scaminatrix (Dec 20, 2011)

Just run Combofix and be done with it  Or re-install OS. Nothing can be as good as re-installing OS.


----------



## 95Viper (Dec 20, 2011)

Arctucas said:


> If nothing works, the best option, in my opinion, is to wipe the drive and do a fresh install of Windows.






scaminatrix said:


> Or re-install OS. Nothing can be as good as re-installing OS.


Agree there.

Sounds like you may have the same trojan that is affecting a lot of people for the past week or so.
You may not have the "Win 7 Security 2012" frontend, but, you may have the trojan, or a variant, it loads.  Just a guess, based on your problems.
If, it is, it is a nasty bugger.

You may want to read these articles:

Remove Win 7 Security 2012 (Uninstall Guide)

Win 7 Security 2012
Win 7 Security 2012 Aliases

IMO, you may want to just completely wipe everything, reinstall, and, then, scan any data you saved before using it again.

However, if you do try to save your current OS setup... 
I would recommend you:

1. Turn off and delete any system restores
2. Turn off any caching, such as, page files, hibernation files and sleep files.
3. clear out any/all temp files

As it seems be a difficult one to eradicate.
Whatever it is... good luck.


----------

