False positive on copy of taskmgr.exe

[_gvm_]

Seems to be a false positive on copy of taskmgr.exe:

OS: Windows XP SP2
Browser: Firefox 3.5.5
Spybot 1.6.2.46
Last Update: 18/11/2009

In the scan result, C:\Temp\taskmgr.exe is reported as:

Smitfraud-C.: [SBI $50922C3E] Executable (File, nothing done)
\Temp\taskmgr.exe
Properties.size=135680
Properties.md5=FC160ACE21C81837692B339D230DD4BE
Properties.filedate=1092139200
Properties.filedatetext=2004-08-10 12:00:00

However, the copy of taskmgr in the "normal" location is identical, but not flagged as a problem:
PID: 2408 (2296) C:\WINDOWS\system32\taskmgr.exe
size: 135680
MD5: FC160ACE21C81837692B339D230DD4BE

The two copies are identical and, as far as I can see, this is the correct MD5
for the correct Microsoft taskmgr.exe version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158).

I have seen reports that Smitfraud-C uses the name "taskmgr.exe", but that seems to be the only connection - as far as I can see, this file is genuine. As to why it's in C:\Temp, I suspect that it's debris from BartPE.

Thanks,

gvm

[Yodama]

hello,

thank you for reporting this issue.
I can confirm this false positive, and I can also confirm that the false positive is based on the file path.
We will narrow down the detection in this case to prevent the false positive even if files in the temp directory should be just temporary and deleted soon.