Author Topic: CMDOW.EXE is not a Virus!  (Read 4643 times)

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Gender: Male
  • Schecter Powa
    • Personal Message (Offline)
CMDOW.EXE is not a Virus!
« on: July 24, 2006, 01:55:09 PM »
Hi,

cmdow.exe is detected by my avast pro as a virus: Win32:Hidewindows-C [Tool]

but it's not a virus, it's a very usefull program.... is it possible to not detect it as a virus?

Thx


Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64892
  • Gender: Male
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #1 on: July 24, 2006, 02:29:59 PM »
As a workaround, use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demmand scanning):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be carefull, you should 'exclude' that many files that let your system in danger.

To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com Please, mention in the body of the message why you think it is a false positive and the password used.
The best things in life are free.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Gender: Male
  • Schecter Powa
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #2 on: July 24, 2006, 02:49:44 PM »
this program is like cmd.exe of microsoft but without the black screen... it's used for exemple to make unattended windows installation cd, or execute some programs on network without black screen....

Very useful for admins! I can't put this in exeption list for all my 300 computers on my network!

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64892
  • Gender: Male
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #3 on: July 24, 2006, 03:31:51 PM »
this program is like cmd.exe of microsoft but without the black screen...
Is it a freeware? Can we download it?
The best things in life are free.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Gender: Male
  • Schecter Powa
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #4 on: July 24, 2006, 03:35:21 PM »

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64892
  • Gender: Male
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #5 on: July 24, 2006, 03:39:43 PM »
Thanks... I'll need to wait Alwil team correct the false positive to download  :'(

By the way, as you have a large network maybe you can post in the ADNM forum in order to get help faster  8)
Click here: http://forum.avast.com/index.php?action=post;board=10.0
The best things in life are free.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Gender: Male
  • Schecter Powa
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #6 on: July 24, 2006, 03:43:56 PM »
thx very much!

Offline kareld

  • avast! team
  • Jr. Member
  • *
  • Posts: 32
  • Gender: Male
    • ALWIL Software
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #7 on: July 24, 2006, 04:13:53 PM »
The false positive is fixed in the lates virus database update. It's available for download now or very soon (minutes) since now.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Gender: Male
  • Schecter Powa
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #8 on: July 24, 2006, 04:16:06 PM »
very very great news!

thx for your great reactivity!!!

Offline DavidR

  • avast! √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #9 on: July 24, 2006, 04:22:50 PM »
The problem is the [Tool] can be used for good or for evil, so it is hard to determine which. I think they were originally airing on the side of safety.

Good that it has been resolved by the latest VPS update.

There is also another thread about cmdow http://forum.avast.com/index.php?topic=22350.0
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11566
  • Gender: Male
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #10 on: July 24, 2006, 04:24:12 PM »
Is this really a false positive?

I mean, the malware name we used was "Win32:Hidewindows-C [Tool]", and the web page of the product says: "Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more."

So, it sounds to me that this was actually an intentional detection (even though questionable).


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Gender: Male
  • Schecter Powa
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #11 on: July 24, 2006, 04:27:07 PM »
But avast block me when i try to acces it or copy it or something else......


Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11566
  • Gender: Male
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #12 on: July 24, 2006, 04:37:45 PM »
Yes, you're right, that's the point of detecting it. ;D

But if you're using ADNM, it would be quite straightforward to centrally put the file to the list of scan exception (not really important anymore since the definition has now been removed in VPS version 0630-1).


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

  • Polymorphic Sheep
  • Starting Graphoman
  • *****
  • Posts: 7813
  • Gender: Male
  • We are supersheep, resistance is futile!
    • RejZoR's little secrets
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #13 on: July 24, 2006, 05:00:38 PM »
Looks perfectly accurate detection to me.
It's tagged as [Tool] and even descritpion in warning dialog says it's a potentially dangerous program.
Maybe there should be a checkbox in Standard Shield settings to enable/disable these otentially dangerous programs detection (like NOD32 has for example). Still, same as Vlk, i think it's a proper detection.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Gender: Male
  • Schecter Powa
    • Personal Message (Offline)
Re: CMDOW.EXE is not a Virus!
« Reply #14 on: July 25, 2006, 07:04:49 AM »
I do not use ADNM.... because to me, Windows server sucks................

I use SME Linux distro (www.contribs.org)


 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now