Nircmd Sophos
ProgramWin32Pameseg.U is a hazardous ransomware which wants affected PC users to purchase some software programs that are freely available on the Internet. Nircmd.exe tagged by Sophos Anti-Virus. So I appreciate this isn't an issue with Prey per-se, but I do wonder if you're about to get a barrage of incoming email / support about it, and it might be useful to know. As of 'Threat Data: 5.39', Sophos Anti-Virus is detecting nircmd.exe as being spyware, and directing users to.
| Name | Engine |
|---|---|
| BHO.KEM | AVG |
| Voronezh.1600.A | N/A |
| Trojan.1 | Sunbelt |
| Trojan/Win32.Genome | AhnLab-V3 |
| Trojan/Win32.Genome.gen | Antiy-AVL |
| Adware.Bho.405 | DrWeb |
| TrojWare.Win32.BHO.RB | Comodo |
| Trojan.Generic.1249573 | BitDefender |
| Trojan.Win32.Genome.ftdn | Kaspersky |
| TROJ_Generic.DIF | N/A |
| W32/Suspicious_Gen.FKFM | N/A |
| Win32/BHO.NUJ | NOD32 |
| Trojan.Chepdu.FF | N/A |
| Trojan/W32.Agent.176128.CR | N/A |
| Adware/WebSearch | Panda |
| Generic11.BLQD | AVG |
| W32/Agent.IJE!tr | Fortinet |
| Trojan.Generic | N/A |
| Trojan/Win32.BHO | AhnLab-V3 |
| High Risk Worm | N/A |
| Trojan/BHO.bny | N/A |
| TR/BHO.Gen | AntiVir |
| Trojan.Siggen.1485 | DrWeb |
| TrojWare.Win32.Trojan.BHO.IJE0 | Comodo |
| Trojan.Generic.1217263 | BitDefender |
| Trojan.Win32.BHO.ije | Kaspersky |
| Trojan.BHO-4379 | ClamAV |
| TROJ_Generic.F01 | N/A |
| W32/BHO.HAX | N/A |
| Trojan Horse | Symantec |
| W32/Trojan3.QC | F-Prot |
| Win32/BHO.IJE | NOD32 |
| Trojan.BHO.QPK | N/A |
| Trojan/BHO.ije | N/A |
| Trojan.BHO.ije | CAT-QuickHeal |
| Trojan/W32.BHO.172032.N | N/A |
| Artemis!D52A849BAAE0 | McAfee |
| AdWare.Win32.BHO.fgf | N/A |
| Win32/Gamepass.MSK | eTrust-Vet |
| Mal/BanLoad-N | Sophos |
| TR/Drop.Agen.241664 | AntiVir |
| a variant of Win32/Chepdu.AC | NOD32 |
| Trojan.Chepdu.R | CAT-QuickHeal |
| Gen:Variant.Chepdu.1 | N/A |
| Trojan-Ransom.Win32.PinkBlocker!IK | N/A |
| Artemis!44318FE27B32 | McAfee |
| Cryptic.CCF | AVG |
| Gen.Variant.Hiloti | Ikarus |
| Trojan.Win32.Generic.12758BCB | N/A |
| Trojan.Agent/Gen-Kazy[FrameDbl] | N/A |
| TR/Crypt.XPACK.Gen3 | AntiVir |
| a variant of Win32/Kryptik.KDH | NOD32 |
| Gen:Variant.Kazy.3358 | N/A |
| Trojan-Ransom.Win32.PinkBlocker | Ikarus |
| Trojan.Script.BAT.Agent.cz | N/A |
| PUA.Tool.Nirsofer.NirCmd | ClamAV |
| Virus in password protected archive | eSafe |
| 23.44.00.08 | N/A |
| Artemis!A8C48C8994EB | McAfee |
| Bscope.Malware-Cryptor.Tip | N/A |
| Trojan/Win32.Hiloti | AhnLab-V3 |
| Trojan.Agent/Gen-RogueDrop | N/A |
| Mal/Hiloti-D | Sophos |
| Trojan.Win32.Hiloti.mp (v) | N/A |
| Gen:Variant.Hiloti.3 | BitDefender |
| TROJ_HILOTI.SME2 | N/A |
| Trojan.Script.BAT.StartPage.by | N/A |
| Virus/Win32.Goblin.gen | Antiy-AVL |
| Trojan/Agent.dwsp | N/A |
| NirCmd | Sophos |
| Artemis!4C1BD6F803C2 | McAfee |
| Trojan-Downloader.Win32.Agent.daom | N/A |
| Win-Trojan/Eggdrop.246532 | AhnLab-V3 |
| Mal/Emogen-E | Sophos |
| Heuristic.LooksLike.Win32.Suspicious.J | McAfee-GW-Edition |
| PUA.Packed.PECompact-1 | ClamAV |
| Suspicious File | eSafe |
| W32/Suspicious.C4!genr | N/A |
| W32/Threat-SysVenFakP-based!Maximus | F-Prot |
| Backdoor | K7AntiVirus |
| Backdoor.EggDrop.17 | CAT-QuickHeal |
| Trojan/W32.Agent.118272.BY | N/A |
| Cryptic.BTQ | AVG |
| W32/BHO.BBPS!tr | Fortinet |
| Gen.Variant.Buzy | Ikarus |
| Trojan.BHO.bbps | N/A |
| Win-Trojan/Bho.407040.B | AhnLab-V3 |
| TR/BHO.bbps | AntiVir |
| MalCrypt.Indus! | Comodo |
| Gen.Variant.Buzy!IK | N/A |
| Gen:Heur.Krypt.12 | BitDefender |
| Trojan.Win32.BHO.bbps | Kaspersky |
| WS.Reputation.1 | Symantec |
| a variant of Win32/Kryptik.JQJ | NOD32 |
| Trojan.BHO!DA5rNjq2Kw4 | N/A |
| Trojan/BHO.bbps | N/A |
| Artemis!934030D2B0DA | McAfee |
| Trojan/W32.BHO.407040 | N/A |
| Generic Trojan | Panda |
| Generic20.CFSI | AVG |
| W32/Palevo.BJD!worm | Fortinet |
| Gen.Trojan.Heur | Ikarus |
| Trojan.Win32.Generic.1274E0DF | N/A |
| Worm.Kolab.srr | N/A |
| Trojan/Win32.Injector | AhnLab-V3 |
| Medium Risk Malware | N/A |
| Worm.Win32.Net-Kolab.60416 | N/A |
| Trojan/Pincav.llv | N/A |
| Win32/Rimecud.CHF | eTrust-Vet |
| Mal/Generic-L | Sophos |
| TR/Spy.36864.105 | AntiVir |
| Win32.HLLW.Autoruner.44501 | DrWeb |
| Gen.Trojan.Heur!IK | N/A |
| Gen:Trojan.Heur.RP.cmW@augrWmbG | BitDefender |
| Trojan.Win32.Pincav.axri | Kaspersky |
| Trojan.Pincav-86 | ClamAV |
| Win32.GenHeur.RP.Cmw | eSafe |
| TROJ_LAMEWAR.VTG | N/A |
| W32/Kolab.KK | N/A |
| Win32/AutoRun.KS | NOD32 |
| Trojan.Pincav!wNZ8c82Vph8 | N/A |
| Riskware | K7AntiVirus |
| Artemis!CAB27BA7842B | McAfee |
| Trojan.Pincav.axri | CAT-QuickHeal |
| Trojan.Win32.Generic.12778E2D | N/A |
| High Risk Cloaked Malware | N/A |
| TR/Agent.53248.EG | AntiVir |
| Trojan.Packed.21395 | DrWeb |
| Heur.Suspicious | Comodo |
| Gen:Trojan.Heur.RP.dmW@aGX0tlhG | BitDefender |
| Packed.Win32.Krap.ig | Kaspersky |
| a variant of Win32/Injector.EOE | NOD32 |
| Trj/Downloader.MDW | Panda |
| BHO.GDM | AVG |
| W32/Chepdu.SC!tr | Fortinet |
| Trojan.Win32.Chepdu | Ikarus |
| Trojan.Win32.Generic!BT | Sunbelt |
| Win32.BHO.NJG | N/A |
| Trojan:Win32/Chepdu.B | Microsoft |
| Downloader.Trojan | Symantec |
| Trojan/Win32.BHO.gen | Antiy-AVL |
| Heur:Trojan/BHO | N/A |
| Mal/BHO-Q | Sophos |
| Trojan.BHO.172032 | McAfee-GW-Edition |
| TROJ_GEN.0Z0802 | TrendMicro |
| TR/BHO.172032 | AntiVir |
| Trojan.BhoSiggen.678 | DrWeb |
| Trojan.Generic.876032 | BitDefender |
| Trojan.Win32.BHO.puv | Kaspersky |
| Trojan.BHO-4562 | ClamAV |
| Win32:Trojan-gen | Avast |
| W32/BHO.MOS | N/A |
| Trojan.Win32.Chepdu!IK | a-squared |
| W32/BadBHO.J.gen!Eldorado | F-Prot |
| Win32/BHO.NJG | NOD32 |
| Trojan.Chepdu.P | N/A |
| Trojan.Win32.Malware.1 | K7AntiVirus |
| Trojan.Chepdu.b | CAT-QuickHeal |
| Trojan/W32.Agent.167936.AK | N/A |
| Generic.dx | McAfee+Artemis |
Program:Win32/Pameseg.U Description
ProgramWin32Pameseg.U is a hazardous ransomware which wants affected PC users to purchase some software programs that are freely available on the Internet. Surviving mars: deluxe upgrade pack for mac. ProgramWin32Pameseg.U asks computer users to send SMS messages to premium numbers for a successful installation of some software products. ProgramWin32Pameseg.U comes bundled with some software installation tools. When ProgramWin32Pameseg.U enters the corrupted PC system, it displays pop-up alerts and interfaces of a foreign language, which informs the computer user that he/she should send an SMS message to a predefined number. After the infected computer user sends the SMS, he/she gets an activation code to activate any one of certain software products. The activation codes ProgramWin32Pameseg.U gives after the PC user sends the SMS to the premium number are falsified, and all of the software applications ProgramWin32Pameseg.U claims to be able to activate are freeware programs. Do not pay for a so-called activation of any of offered applications. ProgramWin32Pameseg.U also downloads and installs other malware infections to the corrupted machine. Remove ProgramWin32Pameseg.U as quickly as possible. Battlevoid: sector siege ost for mac.
Technical Information
File System Details
| # | File Name | Size | MD5 | Detection Count |
|---|---|---|---|---|
| 1 | D:messenger-b.exe | 638,000 | f6613dc2e0740d249a35b896acc2c46b | 17 |
| 2 | %USERPROFILE%Mis documentosto??oMessenger9.0.exe | 3,064,879 | 6d7e702c602c5f89e4afd1ea13769a8e | 3 |
| 3 | %USERPROFILE%DesktopComboFix.exe | 4,327,458 | 03e4f116988e0c156246ff953c66993e | 2 |
| 4 | E:Softwaremessenger.exe | 637,848 | 97b8f379b3eb62db59dce579fdd0af22 | 1 |
| 5 | ComboFix.exe | N/A |
Nircmd Sophos
Site Disclaimer
Sophos Nircmd.exe
This article is provided 'as is' and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.