Author Topic: igfxsrvc.exe Possible False Positive?  (Read 7406 times)


mod60

  • Guest
igfxsrvc.exe Possible False Positive?
« on: October 11, 2009, 06:37:57 PM »
Avast Home edition detected C:\WINDOWS\System32\igfxsrvc.exe as a trojan following the last two virus database updates. This is an original WinXP system file dated 2005.
Only AVAST and one other virus scan program at Jotti and Virus Total detect it as a trojan. I have sent a copy of the file to Avast. MalwareBytes, SuperAntiSpyware, and SpyBot did not find this file to be a Trojan. I am posting this as general info for others who may be getting the same detection.

CharleyO

  • Guest
Re: igfxsrvc.exe Possible False Positive?
« Reply #1 on: October 11, 2009, 06:44:41 PM »
***

Welcome to the forums, mod60.   :)

Thanks for sending the file to avast to help with improvements.

Please come back often.


***

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: igfxsrvc.exe Possible False Positive?
« Reply #2 on: October 11, 2009, 06:47:41 PM »
igfxsrvc.exe is a process associated with Intel Common User Interface from Intel Corporation. It is installed with graphic card drivers with Intel chipsets.

I read somewhere that there is some kind of malware, which is new, that is infecting Intel drivers. Be careful.

Until you hear a word from the Alwil team.

nmb

mod60

  • Guest
Re: igfxsrvc.exe Possible False Positive?
« Reply #3 on: October 11, 2009, 08:41:29 PM »
Thanks to all for the excellent board and comments. Here is a little more info on the file. It is detected as Win32:Trojan-gen. The file has no Version shown in the file properties. There is also a copy of this file in a hidden non-accessible recovery partition (D:) that is part of the original mfg installation of WinXP. That file is also detected as infected when scanned by Avast. That is one reason that I am quite sure that it is a False Positive. I have read that there are various versions of this file from Intel having different byte counts. This file is 155,648 bytes. The MD5 signature is the same as listed on the net for the file. To run MD5 software, you will need to "Stop on access protection" temporarily to check the MD5 for any files detected as a Trojan by Avast.

File Name :       igfxsrvc.exe
File Size :      155648 byte
File Type :      PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 :      2e069b7ec2e013fd1f796fab95a9e3ad
SHA1 :      f875edda3c8105f5c0ba49466b5acdfc2c97ccc1

Again thanks to all.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: igfxsrvc.exe Possible False Positive?
« Reply #4 on: October 11, 2009, 08:56:21 PM »
Hi mod60,

If a "non-Microsoft" .exe file is located in the C:\Windows or C:\Windows\System32 folder, then there is a high risk for a virus, spyware, trojan or worm infection! But this one you have should reside there.
See: http://www.neuber.com/taskmanager/process/igfxsrvc.exe.htm
Look here to see if your version is legit:
http://www.computer-support.nl/Systeemtaken/taakinfo/9402/igfxsrvc.exe/
And then you will conclude that the MD5 Hash of  igfxsrvc.exe you have is:
 2E069B7EC2E013FD1F796FAB95A9E3AD and that comes with version 3.0.0.4308
Driver
Part of Intel(R) Common User Interface
Vendor Intel Corporation

So high possibility of a FP, more than likely, so upload the file to avast to have them correct it.

polonus
« Last Edit: October 11, 2009, 08:58:49 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
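
The check described in replies #3 and #4 (size, MD5, SHA1 and file type compared against published values) can be scripted; the following is an added example, not part of any post in this thread. The reference values are the ones posted above; the function names are assumptions made for illustration. A match shows the file is byte-identical to the one the reference list describes, so the result is only as trustworthy as that list.

```python
import hashlib
import struct

# Reference values exactly as posted in the thread for igfxsrvc.exe.
REFERENCE = {
    "size": 155648,
    "md5": "2e069b7ec2e013fd1f796fab95a9e3ad",
    "sha1": "f875edda3c8105f5c0ba49466b5acdfc2c97ccc1",
}

def fingerprint(path, chunk=1 << 16):
    """Size, MD5 and SHA1 of a file, read in chunks so large files are fine."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            size += len(block)
            md5.update(block)
            sha1.update(block)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def pe_kind(path):
    """Describe the PE headers, or return None if the file is not a PE image."""
    with open(path, "rb") as fh:
        head = fh.read(4096)          # headers normally sit in the first page
    if len(head) < 0x40 or head[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", head, 0x3C)   # e_lfanew
    opt = pe_off + 24                                  # optional header start
    if opt + 70 > len(head) or head[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", head, pe_off + 4)
    (magic,) = struct.unpack_from("<H", head, opt)
    (subsystem,) = struct.unpack_from("<H", head, opt + 68)
    return {"pe32": magic == 0x10B, "i386": machine == 0x014C, "gui": subsystem == 2}

def mismatches(path, reference=REFERENCE):
    """Fields (size, md5, sha1) where the file differs from the reference."""
    actual = fingerprint(path)
    # Compare case-insensitively: hash lists publish both upper and lower case.
    return [k for k in ("size", "md5", "sha1")
            if str(actual[k]).lower() != str(reference[k]).lower()]

if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:   # e.g. the System32 copy and the D: copy
        print(target, mismatches(target) or "matches reference", pe_kind(target))
```
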

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: igfxsrvc.exe Possible False Positive?
« Reply #5 on: October 11, 2009, 08:57:47 PM »
Thanks for the confirmation, sir Polonus.

nmb

mod60

  • Guest
Re: igfxsrvc.exe Possible False Positive?
« Reply #6 on: October 13, 2009, 03:01:48 PM »
Latest iAVS has corrected this FP.

CharleyO

  • Guest
Re: igfxsrvc.exe Possible False Positive?
« Reply #7 on: October 14, 2009, 07:02:31 AM »
***

Thanks for posting back, mod60.

It's always nice to know a problem has been resolved.   :)


***