Avast WEBforum
Other => Viruses and worms => Topic started by: jeremielorente on July 24, 2006, 03:55:09 PM
-
Hi,
cmdow.exe is detected by my avast pro as a virus: Win32:Hidewindows-C [Tool]
but it's not a virus, it's a very usefull program.... is it possible to not detect it as a virus?
Thx
-
As a workaround, use the Exclusion lists:
For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...
For the other providers (on-demmand scanning):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...
You can use wildcards like * and ?.
But be carefull, you should 'exclude' that many files that let your system in danger.
To know if a file is a false positive, please submit it to JOTTI (http://virusscan.jotti.org/) or VirusTotal (http://www.virustotal.com/xhtml/index_en.html) and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com Please, mention in the body of the message why you think it is a false positive and the password used.
-
this program is like cmd.exe of microsoft but without the black screen... it's used for exemple to make unattended windows installation cd, or execute some programs on network without black screen....
Very useful for admins! I can't put this in exeption list for all my 300 computers on my network!
-
this program is like cmd.exe of microsoft but without the black screen...
Is it a freeware? Can we download it?
-
Sure, here:
http://www.commandline.co.uk/cmdow/
-
Thanks... I'll need to wait Alwil team correct the false positive to download :'(
By the way, as you have a large network maybe you can post in the ADNM forum in order to get help faster 8)
Click here: http://forum.avast.com/index.php?action=post;board=10.0
-
thx very much!
-
The false positive is fixed in the lates virus database update. It's available for download now or very soon (minutes) since now.
-
very very great news!
thx for your great reactivity!!!
-
The problem is the [Tool] can be used for good or for evil, so it is hard to determine which. I think they were originally airing on the side of safety.
Good that it has been resolved by the latest VPS update.
There is also another thread about cmdow http://forum.avast.com/index.php?topic=22350.0
-
Is this really a false positive?
I mean, the malware name we used was "Win32:Hidewindows-C [Tool]", and the web page of the product says: "Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more."
So, it sounds to me that this was actually an intentional detection (even though questionable).
Thanks
Vlk
-
But avast block me when i try to acces it or copy it or something else......
-
Yes, you're right, that's the point of detecting it. ;D
But if you're using ADNM, it would be quite straightforward to centrally put the file to the list of scan exception (not really important anymore since the definition has now been removed in VPS version 0630-1).
Thanks
Vlk
-
Looks perfectly accurate detection to me.
It's tagged as [Tool] and even descritpion in warning dialog says it's a potentially dangerous program.
Maybe there should be a checkbox in Standard Shield settings to enable/disable these otentially dangerous programs detection (like NOD32 has for example). Still, same as Vlk, i think it's a proper detection.
-
I do not use ADNM.... because to me, Windows server sucks................
I use SME Linux distro (www.contribs.org)