srvany exe infected with trojan? advice..

OK. Hellou. I would need advice on this little bugger called srvany.exe .

It has never caused alert by the avast but now the avast shield said it has been infected with Win32:trojano-1512.

Should I be conserned about this …srvany has been on my system for few years. And what is this win32:trojano-1512.

it´s in the quarantine now…

It would be helpful if you provided more information, like the location it was found, example (C:\windows\system32\infected-filename.xxx)?

You obviously know what program it is that uses it, you didn’t say?

srvany - srvany.exe - Process Information

Process File: srvany or srvany.exe
Process Name: Srvany

Description:
srvany.exe is an additional Microsoft Windows application which allows an executable to be ran as a service. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

same alert since today but I think it’s a false alert so I ignored it.
windows/system32/srvany.exe is used to run any program as a windows service so
if you delete it some of your custom service could not be launch
(http://www.windowsitpro.com/Article/ArticleID/7959/7959.html)

http://virusscan.jotti.org/ seems to confirm my opinion

anyone can confirm it’s a false alert?

taz

You have already done part of the job/confirmation using Jotti, send it to avast as I outlined above so they can check it and adjust the VPS as required.

I’ve just sent the mail,
I hope they’ll fix the vps.
bye

You can add it to the exclusions in the Standard Shield Advanced tab as a temporary measure.

thank you for the advice … Seems like thinkandzap had the same problem exactly… mine was also in system folder… infected file was srvany… ok … No need to trouble the avast people anymore so if U get the answer what they said about the thread then please post the answer here… so all (and me) will know if it´s safe to ignore. Thanks allready.