Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Nircmd.exe

Started by Roadblock , Aug 01 2007 01:56 PM

Please log in to reply

4 replies to this topic

#1 Roadblock

Member

Members
148 posts

Gender:Male
Location:Canada

Posted 01 August 2007 - 01:56 PM

Hey guys i was doing a usual scan, using panda online active scan and it found a potential unwanted application called Nircmd.exe
Potentially unwanted tool: Application/NirCmd.A

I cannot find anything on this, but it never found it before.... If someone could please reply ASAP, because i think it may be harmfull if left uncured or remaining on my computer.
Thanks Roadblock

Back to top

BC Ads
BleepingComputer.com

#2 oldf@rt

Forum Addict

Members
2,609 posts

Gender:Male
Location:Avondale, Arizona USA

Posted 01 August 2007 - 02:01 PM

Here is a link to the page of the developers,

There are certain programs or utilities that may use it. We would have to know the location on your hard drive to find out why it is being found.

The name says it all -- 59 and holding permanently

**WARNING** _{Links I provide might cause brain damage}

Back to top

#3 buddy215

Forum Addict

BC Advisor
4,948 posts

Gender:Male
Location:West Tennessee

Posted 01 August 2007 - 03:43 PM

That is one of the file names found in combofix. Have you ever used it or have it on your computer?

If the man doesn't believe as we do, we say he is a crank, and that settles it. I mean, it does nowadays, because now we can't burn him.
-- Mark Twain, Following the Equator

Between believing a thing and thinking you know is only a small step and quickly taken.
-- Mark Twain, 3,000 Years Among the Microbes

Back to top

#4 Roadblock

Member

Members
148 posts

Gender:Male
Location:Canada

Posted 02 August 2007 - 11:49 AM

It was found in my C:/ Windows folder
Yeah i used Combofix last week maybe it was that.
Thanks

Edited by Roadblock, 02 August 2007 - 11:52 AM.

Back to top

#5 quietman7

Bleepin' Janitor

Global Moderator
26,099 posts

Gender:Male
Location:Virginia, USA

Posted 02 August 2007 - 02:23 PM

NirCmd is a command-line utility that allows writing to and deletion of values and keys in the registry. BOClean targets nircmd.exe while CF is unpacking, and while it's trying to run. Panda, Sophos and others target NirSoft tools as well.

Certain files that are part of the combofix tool such as nircmd.exe may at times be detected by some anti-virus as a "RiskTool", "Hacking tool, "Potentially unwanted tool" or even "Spyware-Adware". Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user or even remove them.

Such programs may have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others.

Microsoft MVP - Consumer Security 2007-2013