Verifying if hkcmd.exe is a false positive

Discussion in 'ewido anti-spyware forum' started by Cgands, Mar 21, 2008.

Thread Status:
Not open for further replies.
  1. Cgands

    Cgands, Registered Member
    Joined: Mar 21, 2008
    Posts: 1

    Hello,

    I had a run-in with some trojans yesterday, and went on a bit of a witch hunt. I think I got everything, but I can't tell if a few things that popped up are legit or not. I opened up hkcmd.exe in Notepad, and was horrified to see ~2000 lines of this stuff:

    ¶ÃŠA#Æ…Àtƒ}üs‹EôÿEü€ë0ÿEôÿMøˆŠGë¹€û+„
    ÿÿÿ€û-„ÿÿÿéÕþÿÿ9žA

    Am I safe in assuming that it's a virus, or is that normal looking for an Intel file? One of the oddest parts was that way down at the bottom, there was a bit in English, but it said stuff about loading Microsoft runtimes, and copyright Microsoft. What do you think?
     
  2. lordpake

    lordpake, Registered Member
    Joined: Aug 7, 2004
    Posts: 563
    Location: Helsinki ~ European Union

    Try uploading it to Virustotal and see what they say. It gets scanned by about 32 different products :)

    http://www.virustotal.com/
     
  3. karl.ewido

    karl.ewido, former ewido team
    Joined: Dec 9, 2005
    Posts: 236
    Location: Germany