Author Topic: srvany.exe false positive?  (Read 1231 times)


REDACTED

  • Guest
srvany.exe false positive?
« on: November 28, 2017, 07:39:53 PM »
Hi
We supply an application to hospitals which has used srvany.exe from Windows Server 2003 Resource Kit for several years to run as a service.  Since last week several of our customers using Avast have complained that srvany.exe has been deleted and the service it ran deleted, Avast reporting it as Win32:Malware-gen.  On jotti.org only three or four anti-virus apps report the file as risky.  What we believe has happened is that malware has previously downloaded the exe to use its designed functionality in order to create services from applications, for their nefarious purposes.  (See this link for an example https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=9304621#none.)  We believe that some anti-virus, including Avast, has therefore regarded it as risky and blacklisted it.
Some hospitals have understood this explanation and whitelisted the file.  Others are too nervous and want us to guarantee that the file is not infected.  Can you explain exactly why Avast is blacklisting this?  If Avast is being over-cautious and blacklisting a Microsoft file which could be used for nefarious purposes as well as for legitimate purposes, how can we get it taken off the list?

Offline Pondus

  • Probably Bot
  • Posts: 37532
  • Not a avast user
Re: srvany.exe false positive?
« Reply #1 on: November 28, 2017, 08:08:01 PM »

REDACTED

  • Guest
Re: srvany.exe false positive?
« Reply #2 on: November 28, 2017, 08:38:30 PM »
Thanks Pondus, reported