Author Topic: CMDOW.EXE is not a Virus!  (Read 5378 times)

0 Members and 1 Guest are viewing this topic.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Schecter Powa
CMDOW.EXE is not a Virus!
« on: July 24, 2006, 03:55:09 PM »
Hi,

cmdow.exe is detected by my avast pro as a virus: Win32:Hidewindows-C [Tool]

but it's not a virus, it's a very usefull program.... is it possible to not detect it as a virus?

Thx


Online Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65878
Re: CMDOW.EXE is not a Virus!
« Reply #1 on: July 24, 2006, 04:29:59 PM »
As a workaround, use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demmand scanning):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be carefull, you should 'exclude' that many files that let your system in danger.

To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com Please, mention in the body of the message why you think it is a false positive and the password used.
The best things in life are free.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Schecter Powa
Re: CMDOW.EXE is not a Virus!
« Reply #2 on: July 24, 2006, 04:49:44 PM »
this program is like cmd.exe of microsoft but without the black screen... it's used for exemple to make unattended windows installation cd, or execute some programs on network without black screen....

Very useful for admins! I can't put this in exeption list for all my 300 computers on my network!

Online Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65878
Re: CMDOW.EXE is not a Virus!
« Reply #3 on: July 24, 2006, 05:31:51 PM »
this program is like cmd.exe of microsoft but without the black screen...
Is it a freeware? Can we download it?
The best things in life are free.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Schecter Powa
Re: CMDOW.EXE is not a Virus!
« Reply #4 on: July 24, 2006, 05:35:21 PM »

Online Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65878
Re: CMDOW.EXE is not a Virus!
« Reply #5 on: July 24, 2006, 05:39:43 PM »
Thanks... I'll need to wait Alwil team correct the false positive to download  :'(

By the way, as you have a large network maybe you can post in the ADNM forum in order to get help faster  8)
Click here: http://forum.avast.com/index.php?action=post;board=10.0
The best things in life are free.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Schecter Powa
Re: CMDOW.EXE is not a Virus!
« Reply #6 on: July 24, 2006, 05:43:56 PM »
thx very much!

Offline kareld

  • Avast team
  • Jr. Member
  • *
  • Posts: 32
    • ALWIL Software
Re: CMDOW.EXE is not a Virus!
« Reply #7 on: July 24, 2006, 06:13:53 PM »
The false positive is fixed in the lates virus database update. It's available for download now or very soon (minutes) since now.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Schecter Powa
Re: CMDOW.EXE is not a Virus!
« Reply #8 on: July 24, 2006, 06:16:06 PM »
very very great news!

thx for your great reactivity!!!

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 71862
  • No support PMs thanks
Re: CMDOW.EXE is not a Virus!
« Reply #9 on: July 24, 2006, 06:22:50 PM »
The problem is the [Tool] can be used for good or for evil, so it is hard to determine which. I think they were originally airing on the side of safety.

Good that it has been resolved by the latest VPS update.

There is also another thread about cmdow http://forum.avast.com/index.php?topic=22350.0
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2218 R2-SP2/ Outpost Firewall Pro9.1/ Firefox 38.0.1, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.6/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11597
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: CMDOW.EXE is not a Virus!
« Reply #10 on: July 24, 2006, 06:24:12 PM »
Is this really a false positive?

I mean, the malware name we used was "Win32:Hidewindows-C [Tool]", and the web page of the product says: "Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more."

So, it sounds to me that this was actually an intentional detection (even though questionable).


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Schecter Powa
Re: CMDOW.EXE is not a Virus!
« Reply #11 on: July 24, 2006, 06:27:07 PM »
But avast block me when i try to acces it or copy it or something else......


Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11597
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: CMDOW.EXE is not a Virus!
« Reply #12 on: July 24, 2006, 06:37:45 PM »
Yes, you're right, that's the point of detecting it. ;D

But if you're using ADNM, it would be quite straightforward to centrally put the file to the list of scan exception (not really important anymore since the definition has now been removed in VPS version 0630-1).


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 8111
  • We are supersheep, resistance is futile!
    • RejZoR's little secrets
Re: CMDOW.EXE is not a Virus!
« Reply #13 on: July 24, 2006, 07:00:38 PM »
Looks perfectly accurate detection to me.
It's tagged as [Tool] and even descritpion in warning dialog says it's a potentially dangerous program.
Maybe there should be a checkbox in Standard Shield settings to enable/disable these otentially dangerous programs detection (like NOD32 has for example). Still, same as Vlk, i think it's a proper detection.

Offline jeremielorente

  • Newbie
  • *
  • Posts: 15
  • Schecter Powa
Re: CMDOW.EXE is not a Virus!
« Reply #14 on: July 25, 2006, 09:04:49 AM »
I do not use ADNM.... because to me, Windows server sucks................

I use SME Linux distro (www.contribs.org)