Nircmd Sophos


Sophos Virus Removal Tool detects and removes computer threats including malware, viruses, ransomware, worms, trojans and rootkits. It works alongside your existing antivirus. NirCmd is classified as such because it can be abused by malware authors. If the use is intended, please authorize it, either via the quarantine or the Authorization section in the local Sophos client.


What is NIRCMD.exe? NIRCMD.exe is part of NirCmd and developed by NirSoft, according to the NIRCMD.exe version information. NIRCMD.exe's description is 'NirCmd'. NIRCMD.exe is usually located in the 'C:32788R22FWJFW' folder. Some of the anti-virus scanners at VirusTotal detected NIRCMD.exe. If you have additional information about the file, please share it with the FreeFixer users by posting.

Scan your computer with your Trend Micro product to delete files detected as HKTLNIRCMD.GA. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information.

Antivirus 'False Positive' Problems

Sometimes an Antivirus scanner reports that a program is infected with a Virus or Trojan, even when the program is not really infected with any malicious code. This kind of problem is known as 'False Positive' or 'False Alert', and it's quite a common problem in some of the password recovery tools provided in NirSoft Web site.

The following table contains the latest 'False Positive' problems reported by users of NirSoft utilities. If your Antivirus scanner reports that a program you downloaded from NirSoft is infected with a Virus or Trojan, and that virus/trojan is not listed in the table below, please report about that to [email protected], and specify the name of your Antivirus scanner, and the name of the Virus/Trojan that it detects. It's also recommended to contact your Antivirus company, and ask them to fix this 'False Positive' problem.


Notice: Due to large amount of false positives I receive on daily basis, I decided to stop updating this list.
Instead, I posted this article on my Blog: Antivirus companies cause a big headache to small developers
I hope it'll eventually help me and other developers to decrease the false positives problems. If you want to check the current false positives issues for specific utility, you can use VirusTotal Web site to get virus alerts list in 40 Antivirus programs.

If you want to send a report about a false positive to the Antivirus company, read the following article that explains how to do it:
How to Report Malware or False Positives to Multiple Antivirus Vendors

| Utility | Description | Date |
|---|---|---|
| MessenPass | DrWeb antivirus detects MessenPass as infected with Trojan.Inject.4580 | 01/12/2008 |
| ProduKey | AVG McAfee VirusScan Enterprise 8.50 detect ProduKey as infected with Generic PWS.y (Trojan) | 26/10/2008 |
| | | 22/10/2008 |
| | | 17/10/2008 |
| | | 15/10/2008 |
| | | 15/10/2008 |
| | | 14/10/2008 |
| | | 11/10/2008 |
| | | 01/10/2008 |
| | | 05/05/2008 |
| | | 28/04/2008 |
| | | 17/04/2008 |
| | | 17/04/2008 |
| WebVideoCap | AVG detect WebVideoCap as Trojan Horse Proxy.XJS. | 12/01/2008 |
| ProduKey | Symantec Antivirus detect ProduKey utility as 'Security Assessment Tool'. | 07/12/2007 |
| IE PassView | AVG AntiSpyware reports that iepv.exe is infected with Dropper.Agent.IU | 03/09/2007 |
| Protected Storage PassView | Trojan Hunter reports that Protected Storage PassView is infected with PWSteal.ICQSmiley.102 | 14/06/2007 |
| ShellExView | Bitdefender reports that ShellExView is infected with [email protected] | 04/04/2007 |
| CurrPorts | Norton Antivirus Corporate reports that CurrPorts utility is infected with backdoor.trojan | 05/02/2007 |
| Network Password Recovery | Trend Micro Antivirus reports that netpass.exe is infected with PE_Generic virus. | 05/02/2007 |
| Network Password Recovery | McAfee VirusScan Enterprise reports that Network Password Recovery utility is infected with PWCrack-NetPass. | 22/12/2006 |
| Protected Storage PassView | BitDefender 8 reports that Protected Storage PassView is infected with Trojan.PWS.Iqsmile.A | 06/09/2006 |
| IPNetInfo | Trend Micro Antivirus detect IPNetInfo utility as a keylogger. | 12/05/2006 |
| Mail PassView | AVG 7.1 Pro Antivirus reports that Mail PassView is infected with 'BackDoor.Generic2.Joo' trojan. | 02/03/2006 |
| | | 17/02/2006 |
| | | 16/01/2006 |
| | | 05/01/2006 |
| Protected Storage PassView | Bitdefender 8.x/9.x antivirus reports that Protected Storage PassView is infected with Application.passview.A | 05/01/2006 |
| Protected Storage PassView | AVG Antivirus reports that Protected Storage PassView is infected with Downloader.Generic.KZA Trojan | 13/12/2005 |
| Protected Storage PassView | Norton Antivirus Corporate Edition identifies Protected Storage PassView as Hacktool.Passreminder. | 17/11/2005 |
| Protected Storage PassView | NOD32 Antivirus (v2.50) detect Protected Storage PassView as Win32/PassView.1_62. | 23/09/2005 |
| | | 23/08/2005 |
| IconsExtract | McAfee VirusScan detects IconsExtract as infected with PassDump.b Trojan. | 23/06/2005 |
| | | 13/03/2005 |
| StartupRun | 'Spybot Search And Destroy' reports that StartupRun utility is a malware. | 09/12/2004 |
| | | 03/12/2004 |
| | | 30/11/2004 |
| | | 10/11/2004 |
| Dialupass | Norton Anti-Virus reports that dialupass.exe is infected with PWSteal.Trojan | 09/09/2004 |