avast free av reports cmd.exe as a trojan

hi

windows xp sp2 and avast free av cmd.exe trojan…

when i have cmd.exe running and i run a memory scan i get threat detected process 3332 [cmd.exe] / severity high / status threat win32: trojan-gen, i have formatted my operating system partition and i don't get before the web rep avast update but still get this after newest av update. it has happened on 2 different computers with no files in common…

if i do a scan of the full system without launching cmd.exe no threat is found, only if i start cmd.exe and do a memory scan…

i have installed the free trial of kaspersky av, updated it, scanned the memory and when cmd.exe is running it does not find it? please help?

Update to XP SP3…!!

Microsoft no longer supports SP1 or SP2.

Suspicious file(s) can be uploaded to www.virustotal.com and tested with 43 malware scanners
when you have the result, you may copy the URL in the address bar and post the scan link here if you want us to see the result

I guess this was a custom scan and you selected “Scan memory” ?
this can create some strange results, and you can see one example here
http://forum.avast.com/index.php?topic=74430.0

I recommend using the default quick/full scan with default settings

i have installed the free trial of kaspersky av, updated it, scanned the memory and when cmd.exe is running it does not find it? please help?
have you installed avast and kaspersky ?

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

If you want an extra scanner that is working with avast i recommend Malwarebytes
www.malwarebytes.org

If he should have a 64bit XP, SP2 would be the latest (&supported), but it’s rather seldom. :wink:

It's very rare you see XP 64 bit unless it's a business pc.

That’s pretty much the same, I wrote above. :wink:
Let’s wait for an answer from the OP until we suggest further steps.

What exactly does the result line say? (including the block address)

THX pondus…

tried http://www.virustotal.com useful tool here are the results…

File name: cmd.exe
Submission date: 2011-04-02 13:21:46 (UTC)
Current status: finished

Result: 1/ 41 (2.4%)
Antivirus Version Last Update Result
AhnLab-V3 2011.04.03.00 2011.04.02 -
AntiVir 7.11.5.168 2011.04.01 -
Antiy-AVL 2.0.3.7 2011.04.02 -
Avast 4.8.1351.0 2011.04.02 -
Avast5 5.0.677.0 2011.04.02 -
AVG 10.0.0.1190 2011.04.02 -
BitDefender 7.2 2011.04.02 -
CAT-QuickHeal 11.00 2011.04.02 -
ClamAV 0.97.0.0 2011.04.01 -
Commtouch 5.2.11.5 2011.03.24 -
Comodo 8193 2011.04.02 -
DrWeb 5.0.2.03300 2011.04.02 -
Emsisoft 5.1.0.5 2011.04.02 -
eSafe 7.0.17.0 2011.04.01 -
eTrust-Vet 36.1.8248 2011.04.01 -
F-Prot 4.6.2.117 2011.04.02 -
F-Secure 9.0.16440.0 2011.04.02 -
Fortinet 4.2.254.0 2011.04.02 -
GData 22 2011.04.02 -
Ikarus T3.1.1.103.0 2011.04.02 -
Jiangmin 13.0.900 2011.03.31 -
K7AntiVirus 9.96.4280 2011.04.02 -
Kaspersky 7.0.0.125 2011.04.02 -
McAfee 5.400.0.1158 2011.04.02 -
McAfee-GW-Edition 2010.1C 2011.04.01 Heuristic.LooksLike.Win32.NewMalware.I
Microsoft 1.6702 2011.04.02 -
NOD32 6009 2011.04.02 -
Norman 6.07.03 2011.04.02 -
Panda 10.0.3.5 2011.04.02 -
PCTools 7.0.3.5 2011.04.01 -
Rising 23.51.05.05 2011.04.02 -
Sophos 4.64.0 2011.04.02 -
SUPERAntiSpyware 4.40.0.1006 2011.04.02 -
Symantec 20101.3.2.89 2011.04.02 -
TheHacker 6.7.0.1.164 2011.04.02 -
TrendMicro 9.200.0.1012 2011.04.01 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.02 -
VBA32 3.12.14.3 2011.04.01 -
VIPRE 8896 2011.04.02 -
ViRobot 2011.4.2.4390 2011.04.02 -
VirusBuster 13.6.283.0 2011.04.02 -
Additional information
MD5 : eeb024f2c81f0d55936fb825d21a91d6
SHA1 : dd47ff16176412ec2e170cda441b4a220ff52f46
SHA256: c8e419248e33efa206c3f66595118d876c36b6fe27c379174d46c770d1d198ab

a few things to various posters

yes i uninstalled avast before installing kaspersky trial…

i already know that sp2 is not supported by microsoft and the fact that they don't support it is not relevant imo.

what the issue is for me is it's either a virus/trojan or it's a false positive… this is what i need to know. and how to get rid of it if it is a virus/trojan.

what would be interesting to know is if other people are using windows xp sp2 and avast does report as a trojan if you run cmd.exe and do a memory scan but not if just scan cmd.exe?

If you use a legit XP, there’s no reason to stay on SP2. :wink:

On a generic note, an antivirus will NOT fix the security holes in your operating system. It is not designed to do so. Other tools like EMET might help there, but then anyway there is totally no reason to not install the latest SP.