Topic: SOLVED: Virus in cmdow.exe?!

My antivirus detects Spyware.Hidewindows.l (or it may be I) in cmdow.exe.
I use Bit Defender and when I unpacked DPs_base_606 it returned that message. What is this?

Last edited by Bâshrat the Sneaky (2006-06-05 23:47:17)

Re: SOLVED: Virus in cmdow.exe?!

It's possible that there is some malware out there that utilizes cmdow.exe to hide some of their activities.  But cmdow.exe itself is not spyware or a virus.  It's been used by many people around here for years with none of the typical symptoms of being infected.

FWIW, I've never heard of a security product detecting cmdow.exe as something potentially dangerous before.

Re: SOLVED: Virus in cmdow.exe?!

Actually I have had the same problem too. Just recently Symantec Antivirus corporate version has started reporting 'cmdow.exe' as a problem (I can't remember what exactly) and quarantines the file.

Re: SOLVED: Virus in cmdow.exe?!

These are what are known as "false positives".
CMDOW.EXE is NOT a virus/malware.

FYI: It is usually recommended to scan with multiple AV programs before posting.

Re: SOLVED: Virus in cmdow.exe?!

I have been using the same antivirus program for a long time, but this is the first time it has happened. There was no problem with the older driver packs bases.

Re: SOLVED: Virus in cmdow.exe?!

chertoianov wrote:

I have been using the same antivirus program for a long time, but this is the first time it has happened. There was no problem with the older driver packs bases.

Yeah, same here.

Just tried to slipstream a new CD and all of a sudden I get this pop-up from NAV (info page here: http://securityresponse.symantec.com/av … ndow.html).

I've been running NAV for quite some time now and have done several slipstreams, and this has never occurred before.

Based on the fact that the virus signature dates back to 2004, it is unlikely new virus definitions have caused this, so it must be something within the file that apparently has changed in such a way it now triggers several antivirus programs.

The funny thing is, it's not that the file is infected but rather the file itself being the "problem" here.

NAV notified me of having quarantined the file, I'm curious as to whether it got removed from the folder now.
Just finished the ISO and am about to burn and test very soon.

Will report back if this issue causes any further trouble.

Re: SOLVED: Virus in cmdow.exe?!

You can do a filehash comparison if you don't trust me, but I guarantee you that cmdow.exe has NOT changed and that it does NOT contain malware of any kind.

Founder of DriverPacks.net — wimleers.com
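
The file hash comparison suggested in the post above, as an added example that is not part of the original thread or of DriverPacks: it hashes every copy of cmdow.exe found in two unpacked releases and reports whether the binary differs. The directory names, the `bin` subfolder layout and the file contents are constructed sample data.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_file(root, name):
    """Return every path under root whose file name matches, ignoring case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() == name.lower()]
    return sorted(hits)


def compare_releases(old_root, new_root, name="cmdow.exe"):
    """Classify the named file across two unpacked releases."""
    old = {sha256_of(p) for p in find_file(old_root, name)}
    new = {sha256_of(p) for p in find_file(new_root, name)}
    if not old or not new:
        return "missing"      # nothing to compare, e.g. the scanner quarantined it
    return "unchanged" if old == new else "changed"


def demo():
    """Build constructed sample trees (not real DriverPacks content) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        def tree(label, fname=None, data=b""):
            bin_dir = os.path.join(tmp, label, "bin")
            os.makedirs(bin_dir)
            if fname:
                with open(os.path.join(bin_dir, fname), "wb") as f:
                    f.write(data)
            return os.path.join(tmp, label)

        old = tree("base_old", "cmdow.exe", b"constructed sample bytes")
        same = tree("base_new", "CMDOW.EXE", b"constructed sample bytes")
        modified = tree("base_modified", "cmdow.exe", b"constructed sample bytes!")
        quarantined = tree("base_quarantined")
        return (compare_releases(old, same), compare_releases(old, modified),
                compare_releases(old, quarantined))


if __name__ == "__main__":
    print(demo())
```

An "unchanged" result across releases means a new alert comes from the scanner side rather than from a modified binary; it says nothing by itself about whether the detection is justified.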

Re: SOLVED: Virus in cmdow.exe?!

No, it's really not that I don't trust you, and I am sure the same can be said about the other users :)

Then again, chances are you could have been infected yourself without noticing, so even if you just have the best intentions, this does not 100% exclude the chance a virus could have slipped your check.

Anyway, what's really strange is the fact that all of a sudden there's this report.



I finished installing the CD on my test system and indeed it is missing the file (I blame NAV's quarantine for this), so the cleanup script does not run properly (I think, was getting a lot of errors, but I couldn't find any remains on the disk...).

Because of this I manually copied cmdow.exe into the respective directory (can you confirm if %cdrom%\OEM\bin is the right place?).
I also ran a manual scan on the file.
Lo and behold, NAV did not detect any threat!
The file is absolutely clean...

Auto-Scan also did not detect any infection when I copied the DP files over from another PC.

It only alerted me during the slipstream process, which is even more strange, because this is the first time it would do so.

Re: SOLVED: Virus in cmdow.exe?!

Bâshrat the Sneaky wrote:

You can do a filehash comparison if you don't trust me, but I guarantee you that cmdow.exe has NOT changed and that it does NOT contain malware of any kind.

Don't say that! You are one of the men I trust most.
I just ask myself why there was no such problem in the older version.
I found the solution to my problem when I excluded the path of the driver pack base from the scan.

Last edited by chertoianov (2006-06-05 05:30:59)

Re: SOLVED: Virus in cmdow.exe?!

chertoianov wrote:
Bâshrat the Sneaky wrote:

You can do a filehash comparison if you don't trust me, but I guarantee you that cmdow.exe has NOT changed and that it does NOT contain malware of any kind.

Don't say that! You are one of the men I trust most.
I just ask myself why there was no such problem in the older version.
I found the solution to my problem when I excluded the path of the driver pack base from the scan.

The explanation is simple: the AV makers have updated their definitions. I guess that if you scanned the old DriverPacks BASE (pre-6.05), you'd get the same error message now ;)

Founder of DriverPacks.net — wimleers.com

Re: SOLVED: Virus in cmdow.exe?!

lol
It is true! The old bases return the same message.
The case is solved!

Re: SOLVED: Virus in cmdow.exe?!

It used to be that you could actually trust, with a fair amount of confidence, the reporting from AV software.  I'm finding that they all seem to be taking pretty broad liberties on what is considered an "infection" lately.

I use DameWare NT Utilities all the time for some pretty basic network management chores.  Among other things that it can do is remote control in to a workstation, much like pcAnywhere.  It's way easier to manage and use than either Remote Assistance or pcAnywhere however.  Anyway, just about every single AV and antispyware title out there flags the thing with their highest severity rating.  It's been a professional net admin product for years on end now (hence the title "NT Utilities").  Makes things a PITA.