View Full Version : dbpoweramp directshow.exe malware



jack_frost
08-16-2007, 10:44 PM
I have been doing a thorough malware check on my computer, as I have been having some unexplained problems. I have been using a range of different programs, following instructions from the castlecops antispyware forum. The program PrevX identifies dbPoweramp's directshow.exe as a threat.

I have been using dbPoweramp long enough to feel confident that this is a false positive. However, I wonder if anyone has any information about this.

The message PrevX gives specifically identifies dbPoweramp in its warning message. The message is as follows:

DIRECTSHOW.EXE

This executable program has a file size of 227,328 bytes, it is most frequently called DIRECTSHOW.EXE and is most frequently located in the ?:\mda\dbpoweramp\db poweramp music converter 12\codecs\ folder.
This file is considered unsafe. It was first seen on Wednesday, May 23 2007. It has been seen frequently by 17 users in this section of the community. The file was first seen in The EUROPEAN UNION but has been seen in other locations, including The UNITED STATES.
DIRECTSHOW.EXE has yet to be seen running in this section of the community.
DIRECTSHOW.EXE has been the subject of the following behavior:
- Process creation
- Process deletion

The url of this message is:
http://info.prevx.com/aboutprogramtext.asp?LANG=english&MID=97d6d029d352dd813015e1fddedd328758e98acefd43bc4a8d98dedf5754effb&LIC=34834DBD-1AFF-4BAE-A022-2452E57E80B3&PROFILE=PINNACLE&SV=16777784&AID=230261&CMD=appinfo&PX5=81712eba0020bc337820034705b89200b4cab166

Spoon
08-17-2007, 04:52 AM
We do not have a file called Directshow.exe; we have a codec, directshow.dll.

Is that file in your dbpoweramp folder?

LtData
08-17-2007, 08:12 AM
Also, dMC does not use a folder called "codecs" in its installation directory.

jack_frost
08-17-2007, 08:43 PM
I have looked more closely and the file they are identifying as malware is the directshow codec installation file, dBpoweramp-Codec-DirectShow.exe, which I have stored on my computer in case I ever need to reinstall the codec.

Spoon
08-18-2007, 05:36 AM
Just a standard install file,

>Process creation

Yes, installers do tend to run programs after installing.

neilthecellist
08-19-2007, 12:26 PM
Hm... Sounds like the program's exaggerating on you. Happens with a few other anti-malware programs that I know of.

Don't worry about DirectShow popping up under the PrevX monitor. Make an exception in PrevX if possible. (I wouldn't know the specifics on using PrevX; I use SpyBot S&D, CCleaner and SpywareBlaster.)