Look alikes of Nvvsvc.exe

Last Updated on Sunday, 02 June 2013 13:40 Sunday, 26 December 2010 17:46

Harmful - Clones

How to detect and remove malicious look alikes of Nvvsvc.exe

A file by the name Nvvsvc.exe is found in NVIDIA Display Driver Service, and is usually located at 
C:\Windows\system32\nvvsvc.exe

I have created a video about nvvsvc.exe on youtube

Files by the name Nvvsvc.exe are also created by computer virus programs that affect the computers running on the Microsoft windows operating systems. Their analysis reports are given below.

Files found - view
%AppData%\Microsoft\nvvsvc.exe

Files found - view
%AppData%\Microsoft\nvvsvc.exe
%AppData%\Microsoft\sett.dat
%AppData%\Microsoft\Windows Media\9.0\WMSDKNSD.XML

Files found -   view
C:\Users\Benjamin\AppData\Roaming\Microsoft\Local\nvvsvc.exe

(You can also find file size, md5, sha-1 info on the above links)  

(Full path for the short folder names)

There may be more files created or downloaded by these virus programs. You can find them out. First locate and note down the "date of creation" of the malicious look alike of nvvsvc.exe, and after that, search the hard disk for other files created on that date or onward. See image.

Necessary steps to remove these virus programs

• To remove processes created by the virus program from the Task Manager.
• To search and delete files created by the virus program from the hard disk. Enable to view "hidden files and folders" before you search. Otherwise files created by the virus program inside the hidden folders will not be found.
• To remove obsolete registry keys using CCleaner.