Hirens Boot CD Malware?

Discussion in 'malware problems & news' started by tVirus, Jan 17, 2012.

Thread Status:
Not open for further replies.
  1. tVirus

    tVirus Registered Member

    Joined:
    Jan 8, 2012
    Posts:
    14
    Location:
    UK
    I have noticed there are a few files on the Hiren's Boot CD which are detected as malware by MBAM. Is this CD safe to use, because I have been using it for drive backups on the laptop?

    VirusTotal Results...
    /System32/fdco1.dll (VT 0/43)
    /System32/keybtray.exe (VT 28/43 - Mostly Heur)
    /System32/msxml2.dll (VT 2/43 - MSFake)
    /System32/sfcfiles.dll (VT 0/43)
    /System32/vbscript.dll (VT 2/43 - MSFake)
    /System32/wzcsvc.dll (VT 1/43 - Unclassified)
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Hirens...I don't think you are allowed to talk about it? But, I could be wrong.
     
  3. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,969
    Location:
    U.S.A.
    Tarnak, the Hiren's of old contained paid commercial software, violating copyrights in the process, but the new Hiren's Boot CD is mainly all Freeware, with some Shareware programs.

    tVirus, your best bet is to post your findings in MBAM's False Positives Forum, if you believe these are false positives. They will advise you.
     
  4. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    I have the ISO on my hard drive and all 9 of my on-demand scanners detect something or another in the Hiren's ISO, so I don't think they are false positives. Although the ones you listed are not detected by my scanners, so those particular ones could be false positives. But on the whole most scanners will detect something in Hiren's, as it does have EXEs and DLLs which are used by malware, so they are not false positives per se.

    Don't worry about them :thumb:
     
  5. tVirus

    tVirus Registered Member

    Joined:
    Jan 8, 2012
    Posts:
    14
    Location:
    UK
    I understand there could be an issue with FPs on most of these files, but what bothers me is the /System32/keybtray.exe; this is detected as malware by 28 anti-malware products.
     
  6. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Tools used to reset passwords and such are flagged as hack tools. But they're not. That's a false positive and it's non-malicious.
     
  7. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Where did you find that file? In your system drive's system32 folder?
     
  8. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Today I was thinking about adding Hiren's Boot CD 15.1 to my YUMI USB Flash Drive for the first time. As a precaution, I scanned with both the Kaspersky Rescue Disk 10 and the Dr.Web LiveCD. Both reported Malware in the Hiren's Boot CD ISO file. Kaspersky had specifics:

    Detected: Trojan.Win32.Chifrax.cxp E:/...../...../Hirens.BootCD.15.1.zip/Hiren's.BootCD.15.1.iso/HBCD/Programs/Files/WinNTSetup.7z/WinNTSetup.exe

    I changed my mind about adding Hiren's Boot CD 15.1 to my YUMI USB Flash Drive. I know that the detection(s) may be False Positives, but I do not want to take the "Risk".
     
  9. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Hi.
    Can Hiren's Boot CD be installed straight onto an external hard drive?
    Does it have to go on a CD?
    Many thanks.
     
  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,301
    Location:
    England
    There's not much point in installing it anywhere. You burn the ISO to a CD and use it to boot your machine outside of Windows.

    Then you can run some of its tools on your 'poorly' machine, such as doing an Eset Online scan to get rid of nasties (it allows you to use the internet), checking the state of your hard drive and loads of other things.

    It's a great CD to have around.
     