Posted 02 August 2007 - 02:23 PM
NirCmd is a command-line utility that allows writing to and deletion of values and keys in the registry. BOClean targets nircmd.exe while CF is unpacking, and while it's trying to run. Panda, Sophos and others target NirSoft tools as well.
Certain files that are part of the ComboFix tool, such as nircmd.exe, may at times be detected by some anti-virus programs as a "RiskTool", "Hacking tool", "Potentially unwanted tool" or even "Spyware-Adware". Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user or even remove them.
Such programs may have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others.
Microsoft MVP - Consumer Security 2007-2015 Member of UNITE, Unified Network of Instructors and Trusted Eliminators