
Nircmd.exe


4 replies to this topic

#1 Roadblock


Posted 01 August 2007 - 01:56 PM

Hey guys, I was doing a usual scan using Panda online active scan, and it found a potentially unwanted application called Nircmd.exe
Potentially unwanted tool: Application/NirCmd.A

I cannot find anything on this, but it never found it before.... If someone could please reply ASAP, because I think it may be harmful if left uncured or remaining on my computer.
Thanks Roadblock



#2 oldf@rt


Posted 01 August 2007 - 02:01 PM

Here is a link to the page of the developers,

There are certain programs or utilities that may use it. We would have to know the location on your hard drive to find out why it is being found.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 buddy215


Posted 01 August 2007 - 03:43 PM

That is one of the file names found in ComboFix. Have you ever used it or have it on your computer?

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”
Lawrence M. Krauss


#4 Roadblock


Posted 02 August 2007 - 11:49 AM

It was found in my C:/ Windows folder
Yeah, I used ComboFix last week; maybe it was that.
Thanks

Edited by Roadblock, 02 August 2007 - 11:52 AM.


#5 quietman7


Posted 02 August 2007 - 02:23 PM

NirCmd is a command-line utility that allows writing to and deletion of values and keys in the registry. BOClean targets nircmd.exe while CF is unpacking, and while it's trying to run. Panda, Sophos and others target NirSoft tools as well.

Certain files that are part of the ComboFix tool, such as nircmd.exe, may at times be detected by some anti-virus programs as a "RiskTool", "Hacking tool", "Potentially unwanted tool" or even "Spyware-Adware". Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user or even remove them.

Such programs may have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others.

Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators



