Win32:Doomber-C [Wrm]


WDGC
01-13-2006, 11:05 PM
About a week ago I downloaded PsTools 2.24 from the Sysinternals website:

http://www.sysinternals.com/index.html

The latest avast! A-V update [0602-3, 13/01/06] reports Win32:Doomber-C [Wrm], which it calls a Virus/Worm, as being present in psinfo.exe, which is a component of PsTools 2.24.

Prior to the 0602-3, 13/01/06 update, avast! did not detect this "virus/worm" and nor do any other scanning programs I use - Ad-Aware, Spybot, MSASW, ewido, Webroot Spy Sweeper, all with latest definitions.

It seems highly unlikely a program from a site of the eminence and standing of Sysinternals would contain a virus/worm.

Is this detection a false positive?

Any information regarding this matter would be appreciated.

.

EDIT:

I don't know where the emoticon comes from [I assume it is visible to others], it is not of my doing.

The detection should read "Win32:Doomber-C [Wrm]".

.

Doomber

.

Budfred
01-14-2006, 12:15 AM
The emoticon is from punctuation marks and will create the graphic if those marks show up in the right (wrong) position in text...

That is almost certainly a false positive and may be due to signatures for the trojan being contained in the file in question... If you contact Avast, they may correct it in the next update...

WDGC
01-14-2006, 12:41 AM
The appearance of the emoticon puzzled me almost as much as the probable false positive!

I have posted to the Avast forum.

http://forum.avast.com/index.php?topic=18657.new;topicseen#new

.

WDGC
01-14-2006, 08:14 AM
False positive fixed.

The latest avast! A-V update [0602-4, 14/01/06] doesn't detect Win32:Doomber-C [Wrm] as being present in psinfo.exe.

See:
http://forum.avast.com/index.php?action=display;topic=18645.0

.