Need User Feedback: CoolWWWSearch.SmartSearch in directx.exe? [Archive]

View Full Version : Need User Feedback: CoolWWWSearch.SmartSearch in directx.exe?

tbessie

2007-07-08, 02:03

I just ran SpyBot on my computer, and received a discovery of CoolWWWSearch.SmartSearch in C:\WINDOWS\system32\directx.exe

Could this possibly be a false positive? The file hasn't been modified in a loooong time, so I wonder what's up with that.

- Tim

tashi

2007-07-08, 10:23

Hello.

Open SpyBot.
Check for problems.
When finished, right click and choose copy results (not the full report) to clipboard and post that into topic.
:)

nashville1971

2008-01-05, 20:32

I had the same occurrence today. I'm not sure that it is a false positive, since previous scans didn't identify directx.exe as infected with WWWCoolSearch.

Here are the brief results of scan...

CoolWWWSearch.SmartSearch: [SBI $B1EED636] Executable (File, nothing done)
C:\WINDOWS\system32\directx.exe

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-12-19 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-01-02 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-01-02 Includes\DialerC.sbi (*)
2007-12-26 Includes\Hijackers.sbi (*)
2008-01-02 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-01-02 Includes\KeyloggersC.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2008-01-02 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-01-02 Includes\PUPSC.sbi (*)
2008-01-02 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2008-01-02 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2008-01-02 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2008-01-02 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

Yodama

2008-01-07, 09:32

hello nashville1971

the directx.exe appears to be a malicious file that is named so it sounds legit. I have no information about a legit file named directx.exe.

Also your Windows Security Center has been disabled, unless you did this yourself this is another hint to an infected system.

Please follow the steps in this sticky (http://forums.spybot.info/showthread.php?t=19117)
to create a complete log file.
Please sent this log file and the directx.exe zipped to detections-at-spybot.info (replace -at- with @)

With these files we will be able to create detection rules that will help you with this infection.