cmdow.exe

[bump]

Avast is reporting cmdow.exe as virus. The little bits of info that I see on the internet suggests that it is not a virus.

Anyone know if this is a virus or not?

What's the recommended action?

Avast recommends virus chest. But why not just delete it?

[Lisandro]

Avast is reporting cmdow.exe as virus. The little bits of info that I see on the internet suggests that it is not a virus.
Anyone know if this is a virus or not? What's the recommended action?

To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used.

Avast recommends virus chest. But why not just delete it?

From Chest you can restore the file after... deleting no...
And if it is a false positive, I mean, not a real infection, you would regret to did not send the file to Chest... 

[DavidR]

If you showed the virus name it may have helped as it is likely to have the suffix [Tool] ate the end. This indicates the file can be used for a purpose that can be good or evil and the problem is how does your AV tell the purpose, it can't so avast notifies you and you investigate it.

See this link http://www.commandline.co.uk/cmdow/

Some anti-virus software vendors now classify cmdow.exe as a hacking tool because it can hide windows. A hacking tool is NOT a virus.
:
:
Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more.

That said about a hacking tool not being a virus (in the true sense), no it isn't but it could be used for malicious purposes, so if you know you installed it no problem otherwise it would be riskware, etc.

[fredwe]

Avast recommends virus chest. But why not just delete it?

From Chest you can restore the file after... deleting no...
And if it is a false positive, I mean, not a real infection, you would regret to did not send the file to Chest... 

Hello the team.

About cmdow.exe and the fact it's a false positive, this is a really big problem, chest of not chest: if I Want to use cmdow.exe, I MUST deactivate Avast Anti-virus, this is the only solution. I always use this tool to create update CD of Windows XP, but if Avast AV must be deactivated each time I work, does it mean I have to change my anti-virus ? It's a REAL problem ! I guess in the very near future Avast AV will recognize this tool and will NOT send it to the chest, or anywhere else, becasue it's a TOOL, only a TOOL ! format.exe is also a tool you know  !

Best regards from south of France to all the team and the members of this forum  ....

[Lisandro]

If I Want to use cmdow.exe, I MUST deactivate Avast Anti-virus, this is the only solution.

No, use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demmand scanning):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be carefull, you should 'exclude' that many files that let your system in danger.

[fredwe]

If I Want to use cmdow.exe, I MUST deactivate Avast Anti-virus, this is the only solution.

No, use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demmand scanning):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be carefull, you should 'exclude' that many files that let your system in danger.

  Why didn't I see this so useful option ? So, go on with Avast AV, the best choice of all time !
Thanks a lot for you quick reply and your great help !

[Lisandro]

Why didn't I see this so useful option ? So, go on with Avast AV, the best choice of all time !
Thanks a lot for you quick reply and your great help !

It was providential... this way you can use the forums, learn and join the family 
Welcome 

[DavidR]

This has now been corrected in the 0630-1 VPS update released today. So you should be able to remove it from your exclusions lists.

[fredwe]

This has now been corrected in the 0630-1 VPS update released today. So you should be able to remove it from your exclusions lists.

And in fact this is the same problem for tools from Nirsoft (http://www.nirsoft.com/): mailpv.exe, mspass.exe, netpass.exe

[DavidR]

Then follow the same procedure, virustotal, jotti and submission to avast! as previously suggested.
avast now has a number of tools that are detected as [tool] after the virus name to indicate that it is a tool which could be used maliciously as well as for good. A chisel in the hands of a artist can produce works of art, that same tool in the hands of a madman can produce destruction, the problem is identifying its use/purpose.

[jamie]

i installed comodo firewall and got the same
alert ? came up as a trojen ?

which was also CMDOW.exe