DXWnd false positive

Hi,

Avast have been reporting this program as a trojan but it is not. I’ve been using it for ages for a game call Maplestory. Please kindly update your database as a false positive.

Thanks

File Dxwnd.exe received on 2009.07.25 09:15:24 (UTC) Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED Result: 8/38 (21.06%) Loading server information... Your file is queued in position: 1. Estimated start time is between 40 and 57 seconds. Do not close the window until scan is complete. The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result. If you are waiting for more than five minutes you have to resend your file. Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated. Compact Compact Print results Print results Your file has expired or does not exists. Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click “request” so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 5.0.0.2 2009.07.25 -
AntiVir 7.9.0.228 2009.07.24 -
Antiy-AVL 2.0.3.7 2009.07.24 -
Authentium 5.1.2.4 2009.07.24 -
Avast 4.8.1335.0 2009.07.24 Win32:Trojan-gen {Other}
BitDefender 7.2 2009.07.25 -
CAT-QuickHeal 10.00 2009.07.24 Trojan.Agent.ATV
ClamAV 0.94.1 2009.07.25 -
Comodo 1759 2009.07.25 -
DrWeb 5.0.0.12182 2009.07.25 Trojan.PWS.Akak.13
eSafe 7.0.17.0 2009.07.23 Suspicious File
eTrust-Vet 31.6.6640 2009.07.25 -
F-Prot 4.4.4.56 2009.07.24 -
F-Secure 8.0.14470.0 2009.07.24 -
Fortinet 3.120.0.0 2009.07.25 -
GData 19 2009.07.25 Win32:Trojan-gen {Other}
Ikarus T3.1.1.64.0 2009.07.25 -
Jiangmin 11.0.800 2009.07.25 -
K7AntiVirus 7.10.801 2009.07.24 -
Kaspersky 7.0.0.125 2009.07.25 -
McAfee 5687 2009.07.24 -
McAfee+Artemis 5687 2009.07.24 -
McAfee-GW-Edition 6.8.5 2009.07.25 Heuristic.BehavesLike.Win32.Trojan.B
Microsoft 1.4903 2009.07.25 -
NOD32 4276 2009.07.25 -
Norman 6.01.09 2009.07.24 -
nProtect 2009.1.8.0 2009.07.25 -
PCTools 4.4.2.0 2009.07.24 -
Prevx 3.0 2009.07.25 -
Rising 21.39.52.00 2009.07.25 -
Sophos 4.44.0 2009.07.25 -
Sunbelt 3.2.1858.2 2009.07.23 -
Symantec 1.4.4.12 2009.07.25 -
TheHacker 6.3.4.3.373 2009.07.24 -
TrendMicro 8.950.0.1094 2009.07.25 PAK_Generic.001
VBA32 3.12.10.9 2009.07.24 Trojan.PWS.Akak.13
ViRobot 2009.7.25.1853 2009.07.25 -
VirusBuster 4.6.5.0 2009.07.24 -
Additional information
File size: 120320 bytes
MD5…: 1d7fb232f85157405d7d13104ca95f9e
SHA1…: d64b8848989106c9f98e08bcf915a667c47e15db
SHA256: 64d74a5c69add90b3109adc71ca99e5ee1cc096618b0b5cea674774aaaad13c3
ssdeep: 3072:I/f22C+cHpXG2w4Jp1c1uHdC43P+vQHR3lBFqQ4:I/fwtHpWBui4d9PAQxA
Q
PEiD…: UPX 2.90 [LZMA] → Markus Oberhumer, Laszlo Molnar & John Reiser
TrID…: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda’s Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x47b40
timedatestamp…: 0x412ee713 (Fri Aug 27 07:47:31 2004)
machinetype…: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x2b000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x2c000 0x1c000 0x1be00 7.91 88038566219025a2bcf2695292764829
.rsrc 0x48000 0x2000 0x1400 3.34 d098b4f9f72099209c54ddd7e5d1b008

( 14 imports )

KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll: RegEnumKeyA
COMCTL32.dll: -
comdlg32.dll: GetFileTitleA
GDI32.dll: BitBlt
ole32.dll: OleInitialize
OLEAUT32.dll: -
oledlg.dll: -
OLEPRO32.DLL: -
SatoW.dll: -
SHELL32.dll: DragFinish
SHLWAPI.dll: PathRemoveFileSpecA
USER32.dll: GetDC
WINSPOOL.DRV: OpenPrinterA

( 0 exports )
PDFiD.: -
RDS…: NSRL Reference Data Set

packers (F-Prot): UPX
packers (Kaspersky): PE_Patch.UPX, UPX

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Scan another file

Except from avast, other AVs detected it too. It would be more advisable if you will send the sample to ALWIL via e-mail to virus@avast.com

NOTE: Please zip & password protect the file.

I agree with L’arc.
6 other AV’s detected this as at least “suspicious”.
It is worth further investigation.

Hello falsepositive

welcome to the forums

dont forget to put the password of the zipped file in the body of the message. you can also upload the file by adding it to chest and then clicking the email to avast and do a manual update.

You can avoid all the zipping and password protecting and emailing, etc. by sending the sample from the chest.

You can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already in the chest) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Hi,

i’ve send it via the scan report as false positive part. I meant i’ve been using this for ages and suddenly after avast update yesterday, it was detected as a
virus on all the computers i had. I’m very sure its clean and hope this can be solved.

Thanks

if it is a false positive then it’ll be solved. not to worry.

I play maplestory ;D
I remember one time it flagged gameguard as a keylogger.

Its solved after the update. Thanks alot cheers :slight_smile:

Glad to know. Thank you for your help. Happy gaming.

Glad its fixed now^^

Happy Maplestory gaming^^

-AnimeLover^^

Thanks for the update, avast are usually very quick to correct an FP when identified.

Welcome to the forums.
You might want to change your screen name ‘falsepositive’ when you can I’m sure you don’t want to always be identified as ‘falsepositive’ ;D