svcmn.dll file in the folder WINNT\system32 is infected... what to do about it?

Well, I did a boot-time scan. This is the message I got:

File C:\WINNT\system32\svcmn.dll is infected by Win32:Small-LPT [Trj].

I first tried to repair. Said error, could not repair. So then I moved it to chest. Now… if I have system files infected and they can’t be repaired, the only solution is to replace them, correct? For example, through a full Windows reinstall. What are my other options? Can I find a way to replace this file without doing a reinstall? I was under the impression that .dll files are not really vital to Windows operation, that they can just be replaced if needed…

Thanks

What do you mean you have system files infected that you can’t repair? a) You are only talking about one here, b) trojans generally can’t be repaired, as the complete file is malicious rather than a regular file which has been infected, and c) not all files found in the system32 folder are actually system files; it is a common dumping ground for malware.

So what are these other system files you are talking about?

Based on a Google search on the file name, many of the hits are malware related, which tends to confirm this to be a good detection, without further investigation.

Thanks!

There were no other system files. It was only that one that came up in the scan. I was just saying in principle, if I have system files that are infected… what can I do about it? Since this file was in the system32 folder, I thought that means it must be a system file originally installed during Win installation. So I thought that if I move it to chest, I should probably find a way to replace it or else Windows might need it for some operation, and it won’t be there.

I also did a Google search on the file name before posting this, but did not see anything actually informative. I was not aware of what you said in b) and c).

So I can assume that it was not actually a system file but a trojan that was placed there by some malware?

Thank you

In principle, if you had system files infected (and that would be by a virus) they would need to be repaired or replaced, yes.

Thing is, not everything in Windows\System\ is always an OS file. Malware files write to this folder (and sub-folders) frequently.
Looking at the Google results for that file name, that would appear to be the case, here.

If you want to be certain, you could create a folder titled “suspicious”, exclude the folder from Avast on-access scanning, copy the file to it from the chest, and then upload it to www.virustotal.com for a multi-scanner online test.
If you do this, please post the URL of the results page. The forum posts I’ve just read concerning the file with the same name are a year or three old, so I would not be surprised if the file has already been analysed. The permalink for that analysis would be displayed.

Avast can sometimes repair a certain (limited) number of system files, in the event of actual legitimate file infection. The files that can (sometimes) be repaired have data concerning them in the “system” section of the chest. It’s pretty outdated technology, though, and won’t be included in the next version.

Generally, important Windows system files are verified by a security method; if that is intact then they aren’t infected, and avast checks for that.

I would say that it is highly likely it isn’t a system file, as I would expect a Google search for a Windows system file to be more positive if that were the case. Moving it to the chest is by far the safest option; it can do no harm there and, if required, other actions can be carried out.

If you want to go a step further, it is possible to confirm whether a detection is good or otherwise by further analysis using VirusTotal as suggested.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.
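
An added example, not part of the original thread or any poster's reply: one way to check whether a file found under system32 is a genuine OS component before deciding what to do with it, using its hash and Authenticode signature. It assumes Windows PowerShell 5.1 or later; the function name `Get-FileTriage` and the path `C:\suspicious\svcmn.dll` are hypothetical, following the "suspicious" folder suggested above.

```powershell
# Added example: triage a copy of a file that was detected under system32.
# Assumptions: Windows PowerShell 5.1+; function name and sample path are
# hypothetical, constructed for this illustration.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $ver  = $item.VersionInfo

    # A genuine OS component normally carries a valid signature, either
    # embedded or through a security catalog; IsOSBinary reflects that check.
    $signedOs = ($sig.Status -eq 'Valid') -and $sig.IsOSBinary

    [pscustomobject]@{
        Path        = $item.FullName
        SizeBytes   = $item.Length
        LastWrite   = $item.LastWriteTime
        SHA256      = $hash.Hash
        SigStatus   = $sig.Status
        SigType     = $sig.SignatureType
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        IsOSBinary  = $sig.IsOSBinary
        CompanyName = $ver.CompanyName      # self-declared, easily forged
        Description = $ver.FileDescription  # self-declared, easily forged
        Assessment  = if ($signedOs) {
            'Signed OS binary: treat the detection as a possible false positive'
        } else {
            'Not a verified OS binary: being in system32 proves nothing'
        }
    }
}

# Constructed sample path; only runs if such a copy actually exists.
$sample = 'C:\suspicious\svcmn.dll'
if (Test-Path -LiteralPath $sample) {
    Get-FileTriage -Path $sample | Format-List
}
```

The SHA256 value can be searched on VirusTotal to see whether the file has already been analysed, without uploading it again.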