Author Topic: cmdow.exe  (Read 11382 times)

0 Members and 1 Guest are viewing this topic.

bump

  • Guest
cmdow.exe
« on: July 21, 2006, 10:31:03 PM »
Avast is reporting cmdow.exe as virus. The little bits of info that I see on the internet suggests that it is not a virus.

Anyone know if this is a virus or not?

What's the recommended action?

Avast recommends virus chest. But why not just delete it?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: cmdow.exe
« Reply #1 on: July 21, 2006, 11:06:21 PM »
Avast is reporting cmdow.exe as virus. The little bits of info that I see on the internet suggests that it is not a virus.
Anyone know if this is a virus or not? What's the recommended action?
To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used.

Avast recommends virus chest. But why not just delete it?
From Chest you can restore the file after... deleting no...
And if it is a false positive, I mean, not a real infection, you would regret to did not send the file to Chest...  ;)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89443
  • No support PMs thanks
Re: cmdow.exe
« Reply #2 on: July 22, 2006, 12:01:18 AM »
If you showed the virus name it may have helped as it is likely to have the suffix [Tool] ate the end. This indicates the file can be used for a purpose that can be good or evil and the problem is how does your AV tell the purpose, it can't so avast notifies you and you investigate it.

See this link http://www.commandline.co.uk/cmdow/
Quote
Some anti-virus software vendors now classify cmdow.exe as a hacking tool because it can hide windows. A hacking tool is NOT a virus.
:
:
Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more.

That said about a hacking tool not being a virus (in the true sense), no it isn't but it could be used for malicious purposes, so if you know you installed it no problem otherwise it would be riskware, etc.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

fredwe

  • Guest
Re: cmdow.exe
« Reply #3 on: July 23, 2006, 07:29:42 PM »
Avast recommends virus chest. But why not just delete it?
From Chest you can restore the file after... deleting no...
And if it is a false positive, I mean, not a real infection, you would regret to did not send the file to Chest...  ;)
Quote
Hello the team.

About cmdow.exe and the fact it's a false positive, this is a really big problem, chest of not chest: if I Want to use cmdow.exe, I MUST deactivate Avast Anti-virus, this is the only solution. I always use this tool to create update CD of Windows XP, but if Avast AV must be deactivated each time I work, does it mean I have to change my anti-virus ? It's a REAL problem ! I guess in the very near future Avast AV will recognize this tool and will NOT send it to the chest, or anywhere else, becasue it's a TOOL, only a TOOL ! format.exe is also a tool you know  ;) !

Best regards from south of France to all the team and the members of this forum  ....

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: cmdow.exe
« Reply #4 on: July 23, 2006, 07:41:22 PM »
If I Want to use cmdow.exe, I MUST deactivate Avast Anti-virus, this is the only solution.
No, use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demmand scanning):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be carefull, you should 'exclude' that many files that let your system in danger.
The best things in life are free.

fredwe

  • Guest
Re: cmdow.exe
« Reply #5 on: July 23, 2006, 08:56:58 PM »
If I Want to use cmdow.exe, I MUST deactivate Avast Anti-virus, this is the only solution.
No, use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demmand scanning):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be carefull, you should 'exclude' that many files that let your system in danger.

 :) :) :) Why didn't I see this so useful option ? So, go on with Avast AV, the best choice of all time !
Thanks a lot for you quick reply and your great help !

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: cmdow.exe
« Reply #6 on: July 23, 2006, 09:14:42 PM »
:) :) :) Why didn't I see this so useful option ? So, go on with Avast AV, the best choice of all time !
Thanks a lot for you quick reply and your great help !
It was providential... this way you can use the forums, learn and join the family  8)
Welcome  8)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89443
  • No support PMs thanks
Re: cmdow.exe
« Reply #7 on: July 24, 2006, 06:24:51 PM »
This has now been corrected in the 0630-1 VPS update released today. So you should be able to remove it from your exclusions lists.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

fredwe

  • Guest
Re: cmdow.exe
« Reply #8 on: September 30, 2006, 08:10:30 PM »
This has now been corrected in the 0630-1 VPS update released today. So you should be able to remove it from your exclusions lists.

And in fact this is the same problem for tools from Nirsoft (http://www.nirsoft.com/): mailpv.exe, mspass.exe, netpass.exe

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89443
  • No support PMs thanks
Re: cmdow.exe
« Reply #9 on: October 01, 2006, 03:27:43 PM »
Then follow the same procedure, virustotal, jotti and submission to avast! as previously suggested.
avast now has a number of tools that are detected as [tool] after the virus name to indicate that it is a tool which could be used maliciously as well as for good. A chisel in the hands of a artist can produce works of art, that same tool in the hands of a madman can produce destruction, the problem is identifying its use/purpose.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

jamie

  • Guest
Re: cmdow.exe
« Reply #10 on: October 02, 2006, 07:03:37 AM »
i installed comodo firewall and got the same
alert ? came up as a trojen ?

which was also CMDOW.exe