chankya Posted June 14, 2005 Share Posted June 14, 2005 Dear MDGxI am using ANTIVIR from www.free-av.com when i run 98se2me it show like c:\9!M\1S-T3RSC.TMPCONTAINS CODE OF THE PMS/NIRCMD.155 VIRUS.WHAT'S THAT AND AFTER THAT I FIND NIRCMD.EXE/COM FILE I HAVE DELETED ALL THE FILES AFTER THAT WHAT IT IS.IT'S ON 15/05/05'S DOWNLOAD OF 98SE2ME.EXE PLEASE REPLY SOON AS POSSIBLE.THANKSMSFN ENJOY!!! Link to comment Share on other sites More sharing options...
ckit Posted June 14, 2005 Share Posted June 14, 2005 (edited) Most likely a false alarm.Upload the file here - http://virusscan.jotti.org/ and check it against other virus scanners.I bet that EXE is UPX'd which most AV companies are having problems with. Edited June 14, 2005 by ckit Link to comment Share on other sites More sharing options...
eidenk Posted June 14, 2005 Share Posted June 14, 2005 I think it is a false alarm as well. Some of Nirsoft's excellent utils seem to be falsely detected by one antivir or another as viruses. I emailed him sometimes ago about it (to which he kindly answered) after someone I recomended his utils to complained that Norton was finding it was a virus. It seems the situation is slowly improving. For example his latest nircmd is not detected as virus anymore by Antivir I use. For my part it is the only false postive I have had myself with one of his softs. Link to comment Share on other sites More sharing options...
MDGx Posted June 14, 2005 Share Posted June 14, 2005 (edited) Most likely a false alarm.Upload the file here - http://virusscan.jotti.org/ and check it against other virus scanners.I bet that EXE is UPX'd which most AV companies are having problems with.Exactly my opinion.Thanks a lot for helping out, ckit + eidenk. BTW:I opened nircmd.exe in a hex editor and found "UPX" + "UPX 1.24" strings. So nircmd.exe *is* packed with UPX.I am using ANTIVIR from www.free-av.com when i run 98se2me it show likec:\9!M\1S-T3RSC.TMPCONTAINS CODE OF THE PMS/NIRCMD.155 VIRUS.If you think the copy of nircmd.exe included with 98SE2ME is "infected", please d/l the original file from the author's web site:http://www.nirsoft.net/utils/nircmd.htmland check it again with your antivirus tool. You'll get the same *false* virus report.Also, there are many web sites that detail the problems anti-virus developers encounter when trying to scan UPX packed executables.More info can be found on NirCmd's author site [1st Q + A]:http://www.nirsoft.net/faq.htmland here [false positives]:http://www.nirsoft.net/false_positive_report.htmlHope this helps. Edited June 14, 2005 by MDGx Link to comment Share on other sites More sharing options...
eidenk Posted June 15, 2005 Share Posted June 15, 2005 I opened nircmd.exe in a hex editor and found "UPX" + "UPX 1.24" strings. So nircmd.exe *is* packed with UPX. A nice little tool : PEiD Link to comment Share on other sites More sharing options...
MDGx Posted June 15, 2005 Share Posted June 15, 2005 A nice little tool: PEiDThanks, it is a nice little tool. Link to comment Share on other sites More sharing options...
bilemke Posted June 15, 2005 Share Posted June 15, 2005 A nice little tool: PEiDThanks, it is a nice little tool. <{POST_SNAPBACK}>Indeed it is.. I love that program for identifying packed exes.. Very nice right now for all the UPX flase positives with AntiVirus software. Link to comment Share on other sites More sharing options...
chankya Posted June 16, 2005 Author Share Posted June 16, 2005 Dear ReadersI am very sorry to all of u. But i submitted it only for rechecking i have downloaded new from the about mentioned site and found no virus in it.sorry for inconveniance to all of u and thanks for u'r explanations regarding upxmsfn enjoy!!! Link to comment Share on other sites More sharing options...
MDGx Posted June 18, 2005 Share Posted June 18, 2005 No need to apologize.Not everybody knows about UPX false virus warnings. I'm glad u brought this up, as of the 98SE2ME 6-14-2005 edition I have removed nircmd.exe, so from now on there will be no more virus warnings.Thanks again for your feedback. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now