Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rkill keeps seeing srvany.exe


  • Please log in to reply
7 replies to this topic

#1 cavi

cavi

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 31 July 2013 - 12:51 PM

rkill keeps seeing srvany.exe and stopping it when I run rkill.  Is this an issue or sign of a problem?


Edited by hamluis, 31 July 2013 - 01:09 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:39 AM

Posted 31 July 2013 - 12:58 PM

Did you tried MBAM?

 

Can you give the exact location of the srvany.exe?

 

:step1: Install and run MBAM


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:


#3 cavi

cavi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 31 July 2013 - 01:00 PM

the file is under windows/syswow64/srvany.exe

And mygabytes did not find anything.  I just did not see this in the past



#4 GodfatherKing

GodfatherKing

  • Members
  • 587 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:39 AM

Posted 31 July 2013 - 01:03 PM

You can get it analysed by Virustotal ==> https://www.virustotal.com/en/

 

It will checked by many different viruses databases. 


If you have received help from me and I don't have respond to you for almost >= 3 days, send me a Private Message.  :hello:


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:39 PM

Posted 31 July 2013 - 01:08 PM

FWIW:  http://www.neuber.com/taskmanager/process/srvany.exe.html

 

My questions is...why are you running Rkill? What makes you think that your system may be infected?

 

Louis



#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,540 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:39 PM

Posted 31 July 2013 - 01:08 PM

Srvany is a file that can be used to create custom user defined services.

http://support.microsoft.com/kb/137890/en-us

Did you install it ? If the file is not signed and running under the Windows folder it will be termianted.

#7 diaz209

diaz209

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Jamaica
  • Local time:06:39 PM

Posted 02 August 2013 - 02:50 PM

I have this same fill its 8kb, in the system32 folder, and not signed by MS

modified: ‎Friday: ‎April ‎18, ‎2003,

created: ‎Monday, ‎August ‎02, ‎2010

according to virus total no detection but the user rating system on the result page has alot of negative user rating

then i read some blog that said it was so activator for office(some key or crack)

alot of mixed results so far 



#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,540 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:39 PM

Posted 02 August 2013 - 03:42 PM

Srvany is a legitimate file.  It allows you create a Windows service out of an executable not normally designed to be a service.

 

You need to use a program like autoruns, click on the services tab, and then scroll through them till you find the one using srvany in the imagepath.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users