|reply to Jrb2 |
Re: Beware of Combofix - contains infected file
Unsure where ESET got their installer from, but the official Combofix download link is at Bleepingcomputer.
The IExplorer.exe file is Nircmd.exe (renamed) with MD5 753BC16326FEE4A421ACB636CCD602F4
The VT report would not say Sality for that file, as it's a 3-year-old legitimate tool.
»www.virustotal.com/file/24ca5ceb ··· nalysis/
IExplorer.exe file is Nircmd.exe (renamed)
Why would they do that, unless to act like a chameleon?
|reply to MumRAR |
What version & size of nircmd.exe?
In what I have (Combofix.exe), both firefox.exe.VIR & iexplore.exe.VIR (both lower case, the .VIR added by me) are 256,000 bytes (& are exactly the same, chameleons if you will), but neither compares in any way to any nircmd.exe that I have?
VirusTotal (1 / 46) iexplore.exe
The affected file was not nircmd. It was a different file unfortunately.