False positive with Bart PE and PrevX?

Discussion in 'NOD32 version 2 Forum' started by pc-support, Oct 27, 2006.

Thread Status:
Not open for further replies.
  1. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    27/10/2006 11:35:38 AMON file C:\pebuilder3110a\BartPE\I386\SYSTEM32\CMDOW.EXE Win32/CMDOW.142 application error while cleaning - operation unavailable for this type of object PCSUPPORT\Administrator Event occurred at an attempt to access the file by the application: C:\Program Files\Prevx1\PXConsole.exe.


    Thoughts please!
     
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Not a false positive. You have enabled detection of potentially dangerous applications - 'Win32/CMDOW.142 application' - and it was triggered when PrevX tried to access CMDOW.EXE.

    If it got on your system other than by your own deliberate actions you would definitely want it detected.

    Cheers :)
     
  3. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Mostly, potentially dangerous applications are legitimate files - otherwise they would be called malware or something instead.

    Cheers :)
     
  5. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    "Some anti-virus software vendors now classify cmdow.exe as a hacking tool because it can hide windows."

    I've seen this used in a malicious way. It was used in combination with trojans (mIRC-backdoor servers) and "worms". The user doesn't really notice it running in the background, because this application hides it.
     