'Flash_Disinfector.exe' problem

[PC-Pete]

When running Flash Disinfector (http://www.techsupportforum.com/sect...isinfector.exe) 2 files are flagged with dire warnings and blocked by Threatfire. (see image).

I've not previously used Flash Disinfector but it comes from usually trusted sources. Is it really malicious?

Pete

[mjq424]

Hi
Both Nircmd.exe and pv.exe are command line tools that can be used for malicious purposes as well as useful purposes. I always thought that nircmd.exe was on the PUA list and should throw up a grey alert box, I'm not sure about pv.exe though.
Do you get any alerts from ThreatFire? What other security programs do you have?

[khim]

Hi,
All
See what Nircmd.exe is on this website http://www.google.com.au/search?q=Ni...ient=firefox-a and also see what pv.exe is http://www.google.com.au/search?q=pv...ient=firefox-a Click on those links to view.
They are unwanted software and may harm the computer.

Hope it helps

[PC-Pete]

Hi
Both Nircmd.exe and pv.exe are command line tools that can be used for malicious purposes as well as useful purposes. I always thought that nircmd.exe was on the PUA list and should throw up a grey alert box, I'm not sure about pv.exe though.
Do you get any alerts from ThreatFire? What other security programs do you have?

Thanks for the info. This PC also has Avast Pro 4.8.1196 and WinPatrol 14.0.2007.1. See attached image for TF alerts.

My question is why would a programmer use cryptic/silent commands for a legitimate purpose? I guess they just didn't think of it being detected.

[mjq424]

Hi
NirCmd is certainly used ("silently") in several community antimalware applications (like ComboFix/SmitfraudFix) for process/file interaction. Here it does seem that it may have been a legitimate detection though alongside the Trojan-PWS.Bancos.
Hope that helps