Topic: avast free av reports cmd.exe as a trojan

blackhat

  • Guest
avast free av reports cmd.exe as a trojan
« on: April 01, 2011, 05:11:57 PM »
hi

windows xp sp2 and avast free av cmd.exe trojan...

when i have cmd.exe running and i run a memory scan i get: threat detected, process 3332 [cmd.exe] / severity high / status threat win32: trojan-gen. i have formatted my operating system partition and i don't get before the web rep avast update but still get this after newest av update. it has happened on 2 different computers with no files in common...

if i do a scan of the full system without launching cmd.exe no threat is found, only if i start cmd.exe and do a memory scan...

i have installed the free trial of kaspersky av, updated it, scanned the memory and when cmd.exe is running it does not find see it? please help?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: avast free av reports cmd.exe as a trojan
« Reply #1 on: April 01, 2011, 05:22:45 PM »
Quote
windows xp sp2 and avast free av cmd.exe trojan...

Update to XP SP3..!!
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Dieselman

  • Guest
Re: avast free av reports cmd.exe as a trojan
« Reply #2 on: April 01, 2011, 05:26:25 PM »
Microsoft no longer supports SP1 or SP2.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: avast free av reports cmd.exe as a trojan
« Reply #3 on: April 01, 2011, 05:27:10 PM »
Suspicious file(s) can be uploaded to www.virustotal.com and tested with 43 malware scanners.
When you have the result, you may copy the URL in the address bar and post the scan link here if you want us to see the result.


I guess this was a custom scan and you selected "Scan memory"?
This can create some strange results, and you can see one example here:
http://forum.avast.com/index.php?topic=74430.0

I recommend using the default quick/full scan with default settings


Quote
i have installed the free trial of kaspersky av, updated it, scanned the memory and when cmd.exe is running it does not find see it? please help?
have you installed avast and kaspersky ?

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638


If you want an extra scanner that is working with avast I recommend Malwarebytes
www.malwarebytes.org





Offline Asyn

Re: avast free av reports cmd.exe as a trojan
« Reply #4 on: April 01, 2011, 05:31:04 PM »
Quote
Microsoft no longer supports SP1 or SP2.

If he should have a 64bit XP, SP2 would be the latest (& supported), but it's rather seldom. ;)

Dieselman

  • Guest
Re: avast free av reports cmd.exe as a trojan
« Reply #5 on: April 01, 2011, 05:37:23 PM »
It's very rare you see XP 64 bit unless it's a business pc.

Offline Asyn

Re: avast free av reports cmd.exe as a trojan
« Reply #6 on: April 01, 2011, 05:41:30 PM »
Quote
It's very rare you see XP 64 bit unless it's a business pc.

That's pretty much the same, I wrote above. ;)
Let's wait for an answer from the OP until we suggest further steps.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: avast free av reports cmd.exe as a trojan
« Reply #7 on: April 01, 2011, 05:48:43 PM »
What exactly does the result line say? (including the block address)

blackhat

  • Guest
Re: avast free av reports cmd.exe as a trojan
« Reply #8 on: April 02, 2011, 03:55:39 PM »
THX pondus...

tried http://www.virustotal.com, useful tool, here are the results...

File name: cmd.exe
Submission date: 2011-04-02 13:21:46 (UTC)
Current status: finished

Result: 1/41 (2.4%)

Antivirus Version Last Update Result
AhnLab-V3 2011.04.03.00 2011.04.02 -
AntiVir 7.11.5.168 2011.04.01 -
Antiy-AVL 2.0.3.7 2011.04.02 -
Avast 4.8.1351.0 2011.04.02 -
Avast5 5.0.677.0 2011.04.02 -
AVG 10.0.0.1190 2011.04.02 -
BitDefender 7.2 2011.04.02 -
CAT-QuickHeal 11.00 2011.04.02 -
ClamAV 0.97.0.0 2011.04.01 -
Commtouch 5.2.11.5 2011.03.24 -
Comodo 8193 2011.04.02 -
DrWeb 5.0.2.03300 2011.04.02 -
Emsisoft 5.1.0.5 2011.04.02 -
eSafe 7.0.17.0 2011.04.01 -
eTrust-Vet 36.1.8248 2011.04.01 -
F-Prot 4.6.2.117 2011.04.02 -
F-Secure 9.0.16440.0 2011.04.02 -
Fortinet 4.2.254.0 2011.04.02 -
GData 22 2011.04.02 -
Ikarus T3.1.1.103.0 2011.04.02 -
Jiangmin 13.0.900 2011.03.31 -
K7AntiVirus 9.96.4280 2011.04.02 -
Kaspersky 7.0.0.125 2011.04.02 -
McAfee 5.400.0.1158 2011.04.02 -
McAfee-GW-Edition 2010.1C 2011.04.01 Heuristic.LooksLike.Win32.NewMalware.I
Microsoft 1.6702 2011.04.02 -
NOD32 6009 2011.04.02 -
Norman 6.07.03 2011.04.02 -
Panda 10.0.3.5 2011.04.02 -
PCTools 7.0.3.5 2011.04.01 -
Rising 23.51.05.05 2011.04.02 -
Sophos 4.64.0 2011.04.02 -
SUPERAntiSpyware 4.40.0.1006 2011.04.02 -
Symantec 20101.3.2.89 2011.04.02 -
TheHacker 6.7.0.1.164 2011.04.02 -
TrendMicro 9.200.0.1012 2011.04.01 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.02 -
VBA32 3.12.14.3 2011.04.01 -
VIPRE 8896 2011.04.02 -
ViRobot 2011.4.2.4390 2011.04.02 -
VirusBuster 13.6.283.0 2011.04.02 -
Additional information
MD5   : eeb024f2c81f0d55936fb825d21a91d6
SHA1  : dd47ff16176412ec2e170cda441b4a220ff52f46
SHA256: c8e419248e33efa206c3f66595118d876c36b6fe27c379174d46c770d1d198ab


a few things to various posters

yes i uninstalled avast before installing kaspersky trial..

i already know that sp2 is not supported by microsoft and the fact that they don't support it is not relevant imo.

what the issue is for me is it's either a virus/trojan or it's a false positive.. this is what i need to know. and how to get rid of it if it is a virus/trojan.

what would be interesting to know is if other people are using windows xp sp2 and avast does report as a trojan if you run cmd.exe and do a memory scan but not if just scan cmd.exe?

Offline Asyn

Re: avast free av reports cmd.exe as a trojan
« Reply #9 on: April 02, 2011, 04:37:13 PM »
Quote
i already know that sp2 is not supported by microsoft and the fact that they don't support it is not relevant imo.

If you use a legit XP, there's no reason to stay on SP2. ;)

doktornotor

  • Guest
Re: avast free av reports cmd.exe as a trojan
« Reply #10 on: April 02, 2011, 04:43:19 PM »
On a generic note, an antivirus will NOT fix the security holes in your operating system. It is not designed to do so. Other tools like EMET might help there, but then anyway there is totally no reason to not install the latest SP.