False Positives - srvany.exe & instsrv.exe
The following two modules are (once again) being detected as containing viruses/malware. A few months back, these were getting detected, then the detection of them as viruses/malware seemed to stop. They started getting detected again during the full and deep system scans I ran this past weekend (2 June). They were not detected in the scans run on the previous weekend (26 May).
The module names are srvany.exe and instsrv.exe. They are part of the Windows NT Resource Kit and are used to create user-defined services.
The Microsoft Knowledge Base page on these files can be found at http://support.microsoft.com/kb/137890.
Thank you.
Comments
-
In my earlier post, I neglected to enter the names of the viruses/malware being detected on those modules. They are as follows:
srvany.exe Detected: Application.Srvany.Y
instsrv.exe Detected: Application.Instsrv.C0 -
Please upload the files with the password "infected". BD VR's will take a look at them and will remove detection if necesary.
0 -
Always when you consider that you have a "clean" file on your hdd, and BitDefender sees it as a threat, UPLOAD it here.
No one can download it except our Virus Researchers.0 -
Thank you for reporting the problem. The false alarms have been removed. Please update your signatures. If you have any further problems, don't hesitate to contact us (also please attach the files concerned, because it helps to get the matters resolved faster - the attached files can only be downloaded by members of the BD virus research team, so there is no possibility that they can spread).
Best regards.0 -
Cd-Man,
Sorry to be slow to respond to this. I understand that the false alarms have been removed, but am still supplying the files originally marked as infected for your reference.
password: infected
Thank you./applications/core/interface/file/attachment.php?id=176" data-fileid="176" rel="">files4bd.zip
0 -
After not being detected for a couple of weeks, these two files are once again being flagged as viruses/malware. I have uploaded them in a previous post dated June 5th.
Thank you.0 -
Srvany.exe and instsrv.exe are still being detected as viruses/malware. Please see the zip file two posts above for the files which were uploaded on June 5.
Thank you.
Gary0 -
FPs removed and should not re-appear.
0 -
Instsrv.exe is no longer being detected.
However, as of 14 Jul 2007, srvany.exe is still being detected, but now as containing Application.Srvany.AK
It had previously been detected as Application.Srvany.Y (as recently as 7 Jul 2007).0 -
I am getting a positive on this file too (17/9/07). I'm using Bitdefender Internet Security 2008.
I'm uploading the file for you to check. It is reporting an "Application.Instsrv.F" virus./applications/core/interface/file/attachment.php?id=641" data-fileid="641" rel="">instsrv.rar
0