Virus found in msdirectx.sys

Hi,

I have the msdirectx.sys file infected by a trojan. I quarantined this file, but I would like to know if this file can be removed safely. Avast is not able to repair it. How can I get it back uninfected?

Thanks in advance for your help.

Best regards

I forgot to mention that the virus was in an exe file in an archive and downloaded on emule.

I don’t understand why Avast didn’t detect this virus on emule (using the P2P shield) whereas it detected it on launch?

Thanks

You can check the file online here:

http://virusscan.jotti.org/

http://www.virustotal.com/xhtml/index_en.html

If no virus is detected by the other antivirus programs, then it is a false positive. If it is a false positive, send the file to virus@avast.com in a password-protected compressed archive. Don’t forget to include a short explanation and the password.

Thanks for your answer.

Avast detected a virus (I am sure it is not a false one). The virus is a win32:trojan-gen virus.

My question was if I could delete the infected file, and my second question was why the P2P shield didn’t detect it whereas it detected it on launch.

Nobody to help me???

Can you Google msdirectx.sys for more info about the file?
If your computer works, I’d suggest leaving the file in the avast Chest for further analysis. It won’t bring any harm to you.

Strange… What is the sensitivity level of your Standard Shield provider?

The sensitivity level was on normal, but I put it now on high. I hope it will work. The file was zipped in a rar archive. Maybe it is because the file was in two archives.

Thanks for your response.

It is better to use High or Customize (seeing what is configured inside).

This could be the problem. But we need a technical confirmation from Alwil.

There shouldn’t be any problem with nested archives.
I’d say a likely explanation for not detecting the file earlier might be that the detection of this particular malware has been added only recently to the virus database, after it was already downloaded on your disk.

Hi,

No, the last version of the database was already downloaded when the archive was downloaded.

Bye

Howdy Falcon,

This is what I found on this; this spybot actually has two hidden files, read here: http://www.antisource.com/article.php/spybot-hpsebc08-msdirectx
Go to the virus and worm section of our forum, read the sticky there first, and act according to the ten steps proposed. Very anxious to know what your findings are. After completing these procedures, post all the information in that forum section.
You can also load flister here: http://invisiblethings.org/tools.html Download, scan the zip, unpack and scan your system for bug calls. Just in case if it is what I fear it is.

Could you please verify that your emule downloads are actually being scanned?
I.e. when you download something, does the “Scan count” field of the P2P Shield provider increase?

How can I check the “scan count”? Where is it in Avast?

Thanks

When you click on the avast! blue tray icon, the “On-access Protection” window will appear. Click on “More details”, if not already expanded, and select the “P2P Shield” from the list of the providers. You will see the “Scanned count” and “Last scanned” items on the right side.