How to remove nircmd.exe

» File
File Details
Overview
Analysis

nircmd.exe

The module nircmd.exe has been detected as Risk.NirSoft

nircmd.exe

Remove nircmd.exe

File Details

Main Info:

Product Name:	NirCmd
Company Name:	NirSoft
MD5:	80cce4afc880cde9f75dc4e8b497da80
Size:	113 KB
First Published:	2017-05-21 19:01:23 (7 years ago)
Latest Published:	2018-12-18 12:06:37 (5 years ago)

Analysis:

Status:	Risk.NirSoft (on last analysis)
Analysis Date:	2018-12-18 12:06:37 (5 years ago)

Common Places:

%sysdrive%\dns\dnsjumper\files\nircmd

%programfiles%\easy context menu\files\nircmd

%desktop%\seting\othersettings\easycontextmenu_1.6\files\nircmd

%programfiles%\qgis wien\bin

%sysdrive%\osgeo4w64\bin

%programfiles%\qgis 2.18\bin

%programfiles%\qgis 2.16\bin

%windir%\system32

%programfiles%\qgis essen\bin

%localappdata%\microsoft\windows\filehistory\data\750\c\program files\qgis essen\bin

File Names:

nircmd_x64.exe

nircmd.exe

NirCmd.exe

Geography:

	15.0%
	9.0%
	9.0%
	6.9%
	6.9%
	6.4%
	5.6%
	4.7%
	4.3%
	3.9%
	3.4%
	3.0%
	2.6%
	2.1%
	1.7%
	1.7%
	1.3%
	1.3%
	0.9%
	0.9%
	0.9%
	0.9%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%
	0.4%

OS Version:

Windows 10	52.4%
Windows 7	40.8%
Windows 8.1	5.2%
Windows Embedded 8.1	0.9%
Windows XP	0.4%
Windows 8	0.4%

Analysis

PE Info:

Subsystem:	Windows GUI
PE Type:	pe
OS Bitness:	64
Image Base:	0x0000000140000000
Entry Address:	0x00015560

PE Sections:

Name	Size of data	MD5
.text	84480	59536fe6e2260831e5f02e235472f967
.rdata	24064	83eed1a63c29a995dbe9fe064ef95dac
.data	1024	3c3afa4c6d4487417551f0705cc03bde
.pdata	2560	918a19e9ca9456757f6fcba654c6b98d
.rsrc	2560	f070d001ed7695a0d52e8126cb8af3c5

More information:

Search on Virustotal

Download GridinSoft Anti-Malware - Removal tool for nircmd.exe

copyright for information about nircmd.exe