CoolWWWSearch.SmartSearch in directx.exe?

[tbessie]

I just ran SpyBot on my computer, and received a discovery of CoolWWWSearch.SmartSearch in C:\WINDOWS\system32\directx.exe

Could this possibly be a false positive? The file hasn't been modified in a loooong time, so I wonder what's up with that.

- Tim

[tashi]

Hello.

• Open SpyBot.
• Check for problems.
• When finished, right click and choose copy results (not the full report) to clipboard and post that into topic.

[nashville1971]

I had the same occurrence today. I'm not sure that it is a false positive, since previous scans didn't identify directx.exe as infected with WWWCoolSearch.

Here are the brief results of scan...



CoolWWWSearch.SmartSearch: [SBI $B1EED636] Executable (File, nothing done)
C:\WINDOWS\system32\directx.exe

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-12-19 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-01-02 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-01-02 Includes\DialerC.sbi (*)
2007-12-26 Includes\Hijackers.sbi (*)
2008-01-02 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-01-02 Includes\KeyloggersC.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2008-01-02 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-01-02 Includes\PUPSC.sbi (*)
2008-01-02 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2008-01-02 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2008-01-02 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2008-01-02 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

[Yodama]

hello nashville1971

the directx.exe appears to be a malicious file that is named so it sounds legit. I have no information about a legit file named directx.exe.

Also your Windows Security Center has been disabled, unless you did this yourself this is another hint to an infected system.

Please follow the steps in this sticky
to create a complete log file.
Please sent this log file and the directx.exe zipped to detections-at-spybot.info (replace -at- with @)

With these files we will be able to create detection rules that will help you with this infection.