Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Flash Disinfector detected as malware

  • Please log in to reply
4 replies to this topic

#1 ynn3j


  • Members
  • 26 posts
  • Gender:Female
  • Local time:12:39 PM

Posted 01 June 2010 - 11:39 AM

Hi just try to download Flash disinfector from BC

download link:

after running Avira keeps saying denied access malware detected...the file that appears is nircmd

tried two times its the same..try to restore object to bt once restored avira denied it right away & do a system scan after. Avira is updated...not giving me an option to allow just remove....why is avira detecting it as malware? how can i install Flash disinfector?

Im using: Windows XP SP3
IntelŪ PentiumŪ 4 CPU 1.60GHz 1.48 GB of RAM

below is details in quarantine:

File in quarantine

Filename: C:\Documents and Settings\ynn3j\...\nircmd.exe
Quarantine object: 4da8aa1b.qua
Operating System: Windows 2000/XP/VISTA Workstation
Search Engine:
Virus definition file:
Detection: Contains recognition pattern of the APPL/NirCmd
Date/Time: 6/2/2010, 0:41

Need help...thanks.

Edited by ynn3j, 02 June 2010 - 10:13 AM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,768 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:39 PM

Posted 02 June 2010 - 01:09 PM

FlashDisinfector is not malware. However, certain embedded files that are part of legitimate programs or specialized fix tools such as FlashDisinfector may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.

Common detections include nircmd.exe. NirCmd is a command-line utility that allows writing to and deletion of values and keys in the registry and is used in other specialized fix tools

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program.

It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive". Either have your anti-virus ignore the detection or temporarily disable it until you run the tool.

As an alternative to Flash Disinfector which is an older tool, you can download and use Panda USB Vaccine which allows for computer and usb vaccination..
alternate download link 1
alternate download link 2
  • Double-click on USBVaccineSetup.exe to install the program to C:\Program Files\Panda USB Vaccine.
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key and insert your USB flash drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not.

-- USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates a hidden AUTORUN_.INF on the flash drive partition as protection against malevolent code by preventing a malicious autorun file from being installed. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 William Wilson

William Wilson

  • Members
  • 65 posts
  • Local time:12:39 PM

Posted 12 June 2010 - 04:32 AM

I agree with quietman7, Flash disinfector is not a malware and you know that it is natural for a anti-virus software to have accidental alarm.

#4 Romeo29


    Learning To Bleep

  • Members
  • 3,194 posts
  • Gender:Not Telling
  • Location:
  • Local time:12:39 PM

Posted 12 June 2010 - 06:19 AM

Avira protects USB devices itself. Why do you need flash disinfector?

Panda USB Vaccine modifies the file table of your drives, so I suggest not to use it on drives with sensitive data. (I lost my cellphone's microSD card in the process. It is no longer recognized.)
You can reverse the Panda vaccination of a drive by modifying the file table bytes but that is something for advanced geeks.

#5 chromebuster


  • Members
  • 899 posts
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:01:39 PM

Posted 29 June 2010 - 07:00 PM

Thanks for the last post. I'm a geek, and now I'll be looking that up. LOL.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users