

MumRAR

@sky.com
reply to Jrb2

Re: Beware of Combofix - contains infected file

Unsure where Eset got their installer from but the official Combofix download link is at Bleepingcomputer.

The IExplorer.exe file is Nircmd.exe (renamed) with MD5 753BC16326FEE4A421ACB636CCD602F4.

VT report would not say Sality for that file, as it's a 3-year-old legitimate tool.
»www.virustotal.com/file/24ca5ceb···nalysis/


therube

join:2004-11-11
Randallstown, MD
quote:
IExplorer.exe file is Nircmd.exe(renamed)
Why would they do that, unless to act like a chameleon?


therube

join:2004-11-11
Randallstown, MD
reply to MumRAR
What version & size of nircmd.exe?

In what I have (Combofix.exe), both firefox.exe.VIR & iexplore.exe.VIR (both lower case, the .VIR added by me) are 256,000 bytes (& are exactly the same, chameleons if you will) but neither compares in any way to any nircmd.exe that I have?

VirusTotal (1 / 46) iexplore.exe.

Grinler

join:2004-03-31
New York, NY
The affected file was not nircmd. It was a different file, unfortunately.