False positive (directx.exe) Win32:SdBot-3607 [Trj]

File Name: C:\Windows\System32\directx.exe
FileID: 40
Virus Description: Win32:SdBot-3607 [Trj]

BitDefender and Ewido do not show it as infected.
VirusTotal and Jotti are queued…

VirusTotal report…

Strange, SdBot-3607 was added like a month ago… Can you send me the file, please?

Now I’m worried… is it a legit file? :o
I’ve sent it to you with the password virus.

Please, don’t use this WinZip encryption for such files… stick to the standard ZIP one :wink:

Anyway, I think the detection is correct; this doesn’t look like a legit file.

Thanks Igor.
Just to mention that Ewido, BitDefender, a-squared missed it.
avast have got further… I’m impressed with the ‘detection improvement’… :wink:
Keep up the good work…

It’s certainly a correct detection. There is no such file as directx.exe.
DirectX is using a file called dxdiag.exe …

Yeah. Thanks for the confirmation RejZor.
Isn’t it better that avast detection is growing up?

It sure is ;D
I’d ask, however, how the file got there…

Especially when I don’t remember having turned off the Standard Shield :slight_smile: ???
Generally, all my downloads are scanned on-demand with ashQuick.exe too ??? :slight_smile:

Yes, very interesting, how did it get into the system32 folder? I thought you were using Vista beta and that has the restricted right function?

Perhaps you need to look at the dropmyrights link in my signature ;D ;D

In fact, I run Win XP SP2, Kubuntu 6.06.1, Vista Beta, in a multiboot system.
The infection was in Windows XP.
Even I have scheduled on-demand scanning daily of the System32 folder… ??? :slight_smile: