[Qgis-user] QGIS has the virus Hacktool.Win64.NirCMD.SM?

Nicolas Cadieux nicolas.cadieux at archeotec.ca
Thu May 14 13:04:59 PDT 2020


Hi,

https://www.nirsoft.net/utils/nircmd.html

As you can see, it could be very useful to use if one wanted to hack a 
computer.  My guess is that it gets flagged because the company also 
does Windows Password Recovery tools...

Nicolas

On 2020-05-14 3:00 p.m., Bob and Deb wrote:
> Oops, forgot another "qgis".  It's 
> https://github.com/qgis/qgis/issues/32247
>
> I now know what is happening, but I will send a post to the developers.
>
> -Bob
>
> On Thu, May 14, 2020, 11:53 AM Nicolas Cadieux 
> <nicolas.cadieux at archeotec.ca> wrote:
>
>     Hi,
>
>     I cannot find your issue.  The link does not work. Normally these
>     are false positives, and normally they happen when virus databases
>     are updated.  Send an email to the developer list if you have
>     questions.  I have been using Qgis since version 0.8.  I have
>     never seen a virus.  I am not on the developers list.
>
>     Nicolas
>
>     On 2020-05-14 2:06 p.m., Bob and Deb wrote:
>>     Hi Nicolas,
>>
>>     I just noticed https://github.com/qgis/issues/32247 that was just
>>     posted today.  It seems that Trend just updated their virus
>>     database, so there could be troubles ahead for QGIS users.
>>
>>     I was afraid our IT department would blacklist QGIS.  This ticket
>>     was greatly needed!
>>
>>     Bob
>>
>>
>>     On Thu, May 14, 2020, 10:19 AM Nicolas Cadieux
>>     <nicolas.cadieux at archeotec.ca> wrote:
>>
>>         Probably false positive.
>>
>>         Scan my version of the file.  I am running QGIS 3.12. 
>>         Windows Defender does not find anything (not surprising).  If
>>         mine is ok and yours is not, you may have a problem.  If both are
>>         problematic, this is probably a false positive.
>>
>>         Nicolas
>>
>>         On 2020-05-14 12:53 p.m., Bob and Deb wrote:
>>>
>>>         Hello All,
>>>
>>>         One of our computers has been getting many alerts by Trend
>>>         saying there is an issue caused by “Hacktool.Win64.NirCMD.SM”
>>>         on the command nircmd.exe.  And this is a description of
>>>         that alert:
>>>         https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/HackTool.Win64.NirCMD.SM
>>>
>>>         Is this a false positive virus alert?
>>>
>>>         Thank you,
>>>
>>>         Bob
>>>
>>>
>>