Re: [Qgis-user] QGIS has the virus Hacktool.Win64.NirCMD.SM?

2020-05-14 Thread Andreas Neumann 

Hi all,

This topic comes up every couple months, dating back almost a decade or 
two. If you google for "QGIS nircmd virus" you will find plenty of 
discussions around this topic, like this discussion thread from 2011: 
http://osgeo-org.1560.x6.nabble.com/Re-Qgis-user-nircmd-flagged-as-a-virus-td4102707.html


QGIS is using nircmd to manage settings in .ini setting files, or other 
smaller tasks useful during installation or launching of QGIS. See 
http://www.nirsoft.net/utils/nircmd.html


Unfortunately, AV software is frequently flagging legitimate software 
as  dangerous - they just do a really bad job! One can ask them to 
investigate, then they fix it temporarily, but the next version will 
bring up the same warning again ... it's kind of a tedious task trying 
to fix such issues with AV software vendors. They like to scare users to 
make their software seem relevant and important to their customers.


Greetings,

Andreas

Am 14.05.20 um 22:47 schrieb Christine:

Good evening,
was also worried this afternoon by the same alerts on two different machines
of my employer. Both with TREND supervision. The alerts had something to do
with contents in  OSGeo4W and QGIS folders. Couldn't reach the IT colleques
so will possibly  have discussions tomorrow.

Regards, Christine



--
Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-User-f4125267.html
___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user

___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user

Re: [Qgis-user] QGIS has the virus Hacktool.Win64.NirCMD.SM?

2020-05-14 Thread Christine 
Good evening,
was also worried this afternoon by the same alerts on two different machines
of my employer. Both with TREND supervision. The alerts had something to do
with contents in  OSGeo4W and QGIS folders. Couldn't reach the IT colleques
so will possibly  have discussions tomorrow. 

Regards, Christine



--
Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-User-f4125267.html
___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user

Re: [Qgis-user] QGIS has the virus Hacktool.Win64.NirCMD.SM?

2020-05-14 Thread Nicolas Cadieux 

Hi,

https://www.nirsoft.net/utils/nircmd.html

As you can see, it could be very useful to use if one wanted to hack a 
computer.  My guess is that it gets flagged because the company also 
does Windows Password Recovery tools...


Nicolas

On 2020-05-14 3:00 p.m., Bob and Deb wrote:
Oops, forgot another "qgis".  It's 
https://github.com/qgis/qgis/issues/32247


I now know what is happening, but I will send a post to the developers.

-Bob

On Thu, May 14, 2020, 11:53 AM Nicolas Cadieux 
mailto:nicolas.cadi...@archeotec.ca>> 
wrote:


Hi,

I cannot find your issue.  The link does not work. Normally these
are false positive and normally they happen when virus database
are updated.  Send an email to the developer list if you have
questions.  I have been using Qgis since version 0.8.  I have
never seen a virus.  I am not on the developers list.

Nicolas

On 2020-05-14 2:06 p.m., Bob and Deb wrote:

Hi Nicolas,

I just noticed https://github.com/qgis/issues/32247 that was just
posted today.  It seems that Trend just updated their virus
database, so there could be troubles ahead for QGIS users.

I was afraid our IT department would blacklist QGIS.  This ticket
was greatly needed!

Bob


On Thu, May 14, 2020, 10:19 AM Nicolas Cadieux
mailto:nicolas.cadi...@archeotec.ca>> wrote:

Probably false positive.

Scan my version of the file.  I am running QGIS 3.12. 
Windows Defender does not find anything (not surprising).  If
mine is ok and your not, you may have a problem.  If both are
problematic, this probably a false positive.

Nicolas

On 2020-05-14 12:53 p.m., Bob and Deb wrote:


Hello All,

One of our computers has been getting many alerts by Trend
saying there is an issue caused by “Hacktool.Win64.NirCMD.SM

”
on the command nircmd.exe.  And this is a description: of
that alert:

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/HackTool.Win64.NirCMD.SM

Is this a false positive virus alert?

Thank you,

Bob


___
Qgis-user mailing list
Qgis-user@lists.osgeo.org  
List info:https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe:https://lists.osgeo.org/mailman/listinfo/qgis-user


___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user

Re: [Qgis-user] QGIS has the virus Hacktool.Win64.NirCMD.SM?

2020-05-14 Thread Bob and Deb 
Oops, forgot another "qgis".  It's https://github.com/qgis/qgis/issues/32247

I now know what is happening, but I will send a post to the developers.

-Bob

On Thu, May 14, 2020, 11:53 AM Nicolas Cadieux 
wrote:

> Hi,
>
> I cannot find your issue.  The link does not work. Normally these are
> false positive and normally they happen when virus database are updated.
> Send an email to the developer list if you have questions.  I have been
> using Qgis since version 0.8.  I have never seen a virus.  I am not on the
> developers list.
>
> Nicolas
> On 2020-05-14 2:06 p.m., Bob and Deb wrote:
>
> Hi Nicolas,
>
> I just noticed https://github.com/qgis/issues/32247 that was just posted
> today.  It seems that Trend just updated their virus database, so there
> could be troubles ahead for QGIS users.
>
> I was afraid our IT department would blacklist QGIS.  This ticket was
> greatly needed!
>
> Bob
>
>
> On Thu, May 14, 2020, 10:19 AM Nicolas Cadieux <
> nicolas.cadi...@archeotec.ca> wrote:
>
>> Probably false positive.
>>
>> Scan my version of the file.  I am running QGIS 3.12.  Windows Defender
>> does not find anything (not surprising).  If mine is ok and your not, you
>> may have a problem.  If both are problematic, this probably a false
>> positive.
>>
>> Nicolas
>> On 2020-05-14 12:53 p.m., Bob and Deb wrote:
>>
>> Hello All,
>>
>>
>>
>> One of our computers has been getting many alerts by Trend saying there
>> is an issue caused by “Hacktool.Win64.NirCMD.SM
>> ”
>> on the command nircmd.exe.  And this is a description: of that alert:
>> https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/HackTool.Win64.NirCMD.SM
>>
>>
>>
>> Is this a false positive virus alert?
>>
>>
>>
>> Thank you,
>>
>> Bob
>>
>>
>>
>> ___
>> Qgis-user mailing listqgis-u...@lists.osgeo.org
>> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
>> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
>>
>>
___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user

Re: [Qgis-user] QGIS has the virus Hacktool.Win64.NirCMD.SM?

2020-05-14 Thread Nicolas Cadieux 

Hi,

I cannot find your issue.  The link does not work. Normally these are 
false positive and normally they happen when virus database are 
updated.  Send an email to the developer list if you have questions.  I 
have been using Qgis since version 0.8.  I have never seen a virus.  I 
am not on the developers list.


Nicolas

On 2020-05-14 2:06 p.m., Bob and Deb wrote:

Hi Nicolas,

I just noticed https://github.com/qgis/issues/32247 that was just 
posted today.  It seems that Trend just updated their virus database, 
so there could be troubles ahead for QGIS users.


I was afraid our IT department would blacklist QGIS.  This ticket was 
greatly needed!


Bob


On Thu, May 14, 2020, 10:19 AM Nicolas Cadieux 
mailto:nicolas.cadi...@archeotec.ca>> 
wrote:


Probably false positive.

Scan my version of the file.  I am running QGIS 3.12.  Windows
Defender does not find anything (not surprising).  If mine is ok
and your not, you may have a problem.  If both are problematic,
this probably a false positive.

Nicolas

On 2020-05-14 12:53 p.m., Bob and Deb wrote:


Hello All,

One of our computers has been getting many alerts by Trend saying
there is an issue caused by “Hacktool.Win64.NirCMD.SM

”
on the command nircmd.exe.  And this is a description: of that
alert:

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/HackTool.Win64.NirCMD.SM

Is this a false positive virus alert?

Thank you,

Bob


___
Qgis-user mailing list
Qgis-user@lists.osgeo.org  
List info:https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe:https://lists.osgeo.org/mailman/listinfo/qgis-user


___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user

Re: [Qgis-user] QGIS has the virus Hacktool.Win64.NirCMD.SM?

2020-05-14 Thread Bob and Deb 
Hi Nicolas,

I just noticed https://github.com/qgis/issues/32247 that was just posted
today.  It seems that Trend just updated their virus database, so there
could be troubles ahead for QGIS users.

I was afraid our IT department would blacklist QGIS.  This ticket was
greatly needed!

Bob


On Thu, May 14, 2020, 10:19 AM Nicolas Cadieux 
wrote:

> Probably false positive.
>
> Scan my version of the file.  I am running QGIS 3.12.  Windows Defender
> does not find anything (not surprising).  If mine is ok and your not, you
> may have a problem.  If both are problematic, this probably a false
> positive.
>
> Nicolas
> On 2020-05-14 12:53 p.m., Bob and Deb wrote:
>
> Hello All,
>
>
>
> One of our computers has been getting many alerts by Trend saying there is
> an issue caused by “Hacktool.Win64.NirCMD.SM
> ”
> on the command nircmd.exe.  And this is a description: of that alert:
> https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/HackTool.Win64.NirCMD.SM
>
>
>
> Is this a false positive virus alert?
>
>
>
> Thank you,
>
> Bob
>
>
>
> ___
> Qgis-user mailing listqgis-u...@lists.osgeo.org
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user
>
>
___
Qgis-user mailing list
Qgis-user@lists.osgeo.org
List info: https://lists.osgeo.org/mailman/listinfo/qgis-user
Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user