Started yesterday (Mar 10) getting the following Avast panel:
Suspicious File Found
A suspicious file has been detected (using a heuristic method). This may be a sign of malware infection. Please allow the file to be submitted to our virus lab for analysis.
File name C:\WINDOWS\SYSTEM32\service.exe
Type: Rootkit hidden process
The file service.exe appears to be part of the Windows operating system.
The message appears about 15 minutes after system startup.
There is no other sign of virus infection (slowdown, erratic response, etc.).
The file was submitted to Avast using the checkbox in the message.
Avast Boot time scan turned up NO problems.
Spy Sweeper and The_Ultimate_Troubleshooter turned up no problems.
Process Explorer, as far as I can tell, is not reporting anything unusual.
I need to confirm SOON!! if this is indeed a false positive.
You didn’t say what operating system you use, but I certainly don’t have service.exe in my Windows XP - only services.exe.
So, I’d say the name is rather suspicious.
I am getting the identical messages from Avast Pro a few minutes after starting the computer. I do have a Dell computer with 2 Dell 3007fp monitors. I “upgraded” from McAfee yesterday to Avast.
If I punch the ignore button I then get a message - “Avast has detected a virus in the operating memory…”. If I then immediately run a regular scan, Avast finds nothing.
Likewise if I then run a boot-time scan, Avast finds nothing.
Is there any way to determine whether this particular service.exe is a “good” one or a bad one? (Isn’t this something Alwil should be scanning in more detail to eliminate FP’s?)
The other question is how can I determine whether this Operating Memory “virus” is related to service.exe, or a separate issue. Avast basically gives me no info other than I should shut down and run a boot-time scan, which comes up empty.
Cool - thanks very much. 0 out of 39 results, so I’ll assume service.exe is not a virus. Hopefully, the Operating Memory detection is part of that. I’ll try rebooting right now and telling it to ignore service.exe - then see if that eliminates the Memory “virus”.
UPDATE - Yes, checking the Ignore permanently box also prevented the Operating Memory detection - so I’ll assume that this is an FP and all is well.
So you don’t say what your OS is either. If it is XP then there is no file of that name in that location and, as Igor said in Reply #1, it is suspicious. This is one reason why I don’t recommend always ignore, until you are 100% certain. I don’t know how to undo that change either.
This could also be trying to play on the genuine services.exe; notice the spelling differs from yours.
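
The spelling difference raised in the thread (service.exe versus the genuine services.exe) can be checked mechanically. The following is an added example, not part of the original thread: it flags file names that sit one edit away from a core Windows binary name. The reference list and every sample path other than the reported C:\WINDOWS\SYSTEM32\service.exe are constructed, and a hit is a reason to inspect the file further, not a verdict.

```python
# Added example: flag file names that imitate core Windows binaries.
# KNOWN_SYSTEM_BINARIES and SAMPLE_PATHS are constructed for illustration.
import ntpath

KNOWN_SYSTEM_BINARIES = {
    "services.exe", "svchost.exe", "lsass.exe",
    "csrss.exe", "winlogon.exe", "explorer.exe",
}

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent swapped letters (e.g. "scv" for "svc") count as one edit.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[rows - 1][cols - 1]

def find_lookalikes(paths, max_distance=1):
    """Return (path, genuine_name, distance) for near-miss names only."""
    findings = []
    for path in paths:
        name = ntpath.basename(path).lower()  # ntpath parses backslashes on any OS
        if name in KNOWN_SYSTEM_BINARIES:
            continue  # exact match: not a lookalike by name
        for genuine in sorted(KNOWN_SYSTEM_BINARIES):
            dist = edit_distance(name, genuine)
            if 0 < dist <= max_distance:
                findings.append((path, genuine, dist))
    return findings

SAMPLE_PATHS = [
    r"C:\WINDOWS\SYSTEM32\service.exe",   # the file reported in the thread
    r"C:\WINDOWS\SYSTEM32\services.exe",  # genuine name
    r"C:\WINDOWS\SYSTEM32\scvhost.exe",   # constructed: transposed letters
    r"C:\WINDOWS\SYSTEM32\notepad.exe",   # constructed: unrelated name
]

if __name__ == "__main__":
    for path, genuine, dist in find_lookalikes(SAMPLE_PATHS):
        print(f"{path}: resembles {genuine} (edit distance {dist})")
```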