Full Version: VIRUS in 98se2me
chankya
Dear MDGx

I am using ANTIVIR from www.free-av.com. When I run 98se2me it shows:

c:\9!M\1S-T3RSC.TMP

CONTAINS CODE OF THE PMS/NIRCMD.155 VIRUS.

WHAT'S THAT? AND AFTER THAT I FIND NIRCMD.EXE/COM FILE. I HAVE DELETED ALL THE FILES AFTER THAT. WHAT IS IT?


IT'S ON 15/05/05'S DOWNLOAD OF 98SE2ME.EXE

PLEASE REPLY SOON AS POSSIBLE.

THANKS

MSFN ENJOY!!!
ckit
Most likely a false alarm.
Upload the file here - http://virusscan.jotti.org/ and check it against other virus scanners.

I bet that EXE is UPX'd which most AV companies are having problems with.
eidenk
I think it is a false alarm as well. Some of Nirsoft's excellent utils seem to be falsely detected by one antivir or another as viruses. I emailed him some time ago about it (to which he kindly answered) after someone I recommended his utils to complained that Norton was finding it was a virus. It seems the situation is slowly improving. For example, his latest nircmd is not detected as a virus anymore by the Antivir I use. For my part it is the only false positive I have had myself with one of his softs.
MDGx
QUOTE (ckit @ Jun 13 2005, 10:55 PM)
Most likely a false alarm.
Upload the file here - http://virusscan.jotti.org/ and check it against other virus scanners.

I bet that EXE is UPX'd which most AV companies are having problems with.
Exactly my opinion.
Thanks a lot for helping out, ckit + eidenk.
BTW:
I opened nircmd.exe in a hex editor and found "UPX" + "UPX 1.24" strings. So nircmd.exe *is* packed with UPX.

QUOTE ( chankya )
I am using ANTIVIR from www.free-av.com when i run 98se2me it show like

c:\9!M\1S-T3RSC.TMP

CONTAINS CODE OF THE PMS/NIRCMD.155 VIRUS.
If you think the copy of nircmd.exe included with 98SE2ME is "infected", please d/l the original file from the author's web site:
http://www.nirsoft.net/utils/nircmd.html
and check it again with your antivirus tool. You'll get the same *false* virus report.
Also, there are many web sites that detail the problems anti-virus developers encounter when trying to scan UPX packed executables.
More info can be found on NirCmd's author site [1st Q + A]:
http://www.nirsoft.net/faq.html
and here [false positives]:
http://www.nirsoft.net/false_positive_report.html

Hope this helps.
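
An added example, not part of the original thread: the hex-editor check described in the post above, done programmatically by reading the PE section table and looking for UPX's default section names (`UPX0`, `UPX1`) and its `UPX!` marker. The function names are hypothetical and the sample images are constructed header-only byte strings, not real executables.

```python
import struct

def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image; raise ValueError if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        raise ValueError("no PE header")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]      # NumberOfSections
    opt = struct.unpack_from("<H", data, pe + 20)[0]       # SizeOfOptionalHeader
    table = pe + 24 + opt                                  # first section header
    names = []
    for off in range(table, table + 40 * nsect, 40):       # 40-byte headers
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def upx_indicators(data: bytes) -> dict:
    """Report UPX-style section names and the 'UPX!' marker."""
    names = pe_section_names(data)
    return {"sections": names,
            "upx_sections": [n for n in names if n.startswith("UPX")],
            "upx_marker": b"UPX!" in data}

def build_sample(section_names, body=b""):
    """Constructed header-only PE image for the demo (not a real executable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table + body

if __name__ == "__main__":
    packed = build_sample(["UPX0", "UPX1", ".rsrc"], b"1.24\0UPX!")
    plain = build_sample([".text", ".data"])
    for label, img in (("packed-style", packed), ("plain", plain)):
        print(label, upx_indicators(img))
```

A hit only shows that the file is packed, which is what the scanners in this thread were reacting to; it says nothing about whether the contents are malicious, so comparing against the author's original download and a second scanner is still the deciding step.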
eidenk
QUOTE
I opened nircmd.exe in a hex editor and found "UPX" + "UPX 1.24" strings. So nircmd.exe *is* packed with UPX.

A nice little tool: PEiD
MDGx
QUOTE (eidenk @ Jun 14 2005, 08:34 PM)
A nice little tool: PEiD
Thanks, it is a nice little tool.
bilemke
QUOTE (MDGx @ Jun 14 2005, 10:09 PM)
QUOTE (eidenk @ Jun 14 2005, 08:34 PM)
A nice little tool: PEiD
Thanks, it is a nice little tool.

Indeed it is.. I love that program for identifying packed exes.. Very nice right now for all the UPX false positives with AntiVirus software.
chankya
Dear Readers


I am very sorry to all of u. But I submitted it only for rechecking. I have downloaded a new copy from the above mentioned site and found no virus in it.


Sorry for the inconvenience to all of u and thanks for your explanations regarding UPX.

msfn enjoy!!!
MDGx
No need to apologize.
Not everybody knows about UPX false virus warnings.

I'm glad u brought this up. As of the 98SE2ME 6-14-2005 edition I have removed nircmd.exe, so from now on there will be no more virus warnings.

Thanks again for your feedback.