Unsure where Eset got their installer from but the official Combofix download link is at Bleepingcomputer.The IExplorer.exe file is Nircmd.exe(renamed) with MD5 753BC16326FEE4A421ACB636CCD602F4VT report would not say Sality for that file as its 3 year old legitimate tool.»www.virustotal.com/file/24ca5ceb···nalysis/
quote:IExplorer.exe file is Nircmd.exe(renamed)
What version & size of nircmd.exe ?In what I have (Combofix.exe), both firefox.exe.VIR & iexplore.exe.VIR (both lower case, the .VIR added by me) are 256,000 bytes (& are exactly the same, chameleons if you will) but neither compare in any way to any nircmd.exe that I have?VirusTotal (1 / 46) iexplore.exe.
The affected file was not nircmd. It was a different file unfortunately.