Most antivirus programs identify winsrv.exe as malware—for example Kaspersky identifies it as Backdoor.Win32.SdBot.mgu, and McAfee identifies it as Artemis!917BA056A081.
The free file information forum can help you find out how to remove it. If you have additional information about this file, please leave a comment or a suggestion for other users.
The process known as iSafeCW or Ecodsoft or iSafe or AthTek Kelogger
appears to belong to software iSafeCW or Ecodsoft or iSafe or AthTek Kelogger
by iSafesoft (www.isafesoft.com) or Ecodsoft (www.ecodsoft.com) or AthTek Kelogger (www.athtek.com).
Description: Winsrv.exe is not essential for Windows and will often cause problems. Winsrv.exe is located in a subfolder of "C:\Program Files".
Known file sizes on Windows 10/8/7/XP are 1,793,024 bytes (40% of all occurrences), 3,098,112 bytes or 3,097,600 bytes.
The program is not visible. It is not a Windows system file. The program is loaded during the Windows boot process (see Registry key: MACHINE\Run, Winlogon\Shell). It is able to record keyboard inputs. Winsrv.exe is able to record keyboard and mouse inputs. Therefore the technical security rating is 83% dangerous, however you should also read the user reviews.
Recommended: Identify winsrv.exe related errors
If winsrv.exe is located in the C:\Windows\System32\drivers folder, the security rating is 100% dangerous. The file size is 714,752 bytes. The application has no file description. It is located in the Windows folder, but it is not a Windows core file. The program has no visible window. The software is loaded during the Windows boot process (see Registry key: MACHINE\Run, Winlogon\Shell). The software listens for or sends data on open ports to a LAN or the Internet. The file is not a Windows system file. Winsrv.exe is able to hide itself and monitor applications.
If winsrv.exe is located in a subfolder of the user's profile folder, the security rating is 31% dangerous. The file size is 1,716,736 bytes. The process starts when Windows starts (see Registry key: MACHINE\Run, Winlogon\Shell). The file is not a Windows system file. Winsrv.exe is able to record keyboard and mouse inputs and monitor applications.
If winsrv.exe is located in a subfolder of C:\, the security rating is 100% dangerous. The file size is 3,022,336 bytes.
If winsrv.exe is located in a subfolder of C:\Windows, the security rating is 76% dangerous. The file size is 1,716,736 bytes.
If winsrv.exe is located in the C:\Windows\System32 folder, the security rating is 80% dangerous. The file size is 231,832 bytes.
If winsrv.exe is located in a subfolder of C:\Windows\System32, the security rating is 80% dangerous. The file size is 3,022,336 bytes.
External information from Paul Collins:
There are different files with the same name:
Important: You should check the winsrv.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.
The following programs have also been shown useful for a deeper analysis: Security Task Manager examines the active winsrv process on your computer and clearly tells you what it is doing. Malwarebytes' well-known anti-malware tool tells you if the winsrv.exe on your computer displays annoying ads, slowing it down. This type of unwanted adware program is not considered by some antivirus software to be a virus and is therefore not marked for cleanup.
A clean and tidy computer is the key requirement for avoiding PC trouble. This means running a scan for malware, cleaning your hard drive using cleanmgr and sfc /scannow, uninstalling programs that you no longer need, checking for Autostart programs (using msconfig) and enabling Windows' Automatic Update. Always remember to perform periodic backups, or at least to set restore points.
Should you experience an actual problem, try to recall the last thing you did, or the last thing you installed before the problem appeared for the first time. Use the resmon command to identify the processes that are causing your problem. Even for serious problems, rather than reinstalling Windows, you are better off repairing of your installation or, for Windows 8 and later versions, executing the DISM.exe /Online /Cleanup-image /Restorehealth command. This allows you to repair the operating system without losing data.