Jump to content
Kaspersky Support Forum

Unknown file, ‘nddcf.cmd in C://Windows/SysWow64 directory. Is it a malware?

N_S_M

By N_S_M
in Kaspersky Internet Security

 Share

Recommended Posts

N_S_M

N_S_M

Posted
  • Author
Posted

I am running KIS 20 and Windows 10 home. Recently I ran a scan (Using KIS and Malwarebytes) and nothing was found. But when I ran Norton’s Power Eraser, it found a file called ‘nddcf.cmd’ in the SysWOW64 folder, stating that the the above file’s security status is “Unknown”

File’s status is unknown

I got a suspicious and opened the ‘.cmd’ file in Notepad and found that it was written in some langugage (Maybe Chinese). 

nddcf.cmd was written in chinese

I found two things to be suspicious:

  1. “.cmd” file when run in command prompt, it ran something related to Ncat:
    .cmd file running Ncat related stuff
  2. this ‘.cmd’ file inturn opened another ‘ndc.exe’ file in the background

Even though KIS found nothing, could it be a sign of my PC being hacked? because I read that Ncat and ndc.exe files can be used by hackers. Someone please help.

Link to comment
Share on other sites
N_S_M

N_S_M

Posted
  • Author
Posted

Yes, but the fact that this file was written in some asian language is bugging me because I don’t remember installing any of it. I thought I would be getting an answer here since I am a KIS user. If you could shed some light, that would be helpful

 

Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

@N_S_M,

  • Regarding the text file in unknown language, copy the text to a translator - that will confirm the language and provide a translation. 
  • If you remain concerned, log a case with Kaspersky Technical Support → follow the Malware template (image below): zip the suspect file/s - name the zip folder malware, protect it with a password & add the password to the request information; provide Support with a full history, all images, & a GSI & Windows Logs - ask Support to please assist

 

 

 

 

 
  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will communicate with you, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
  • Please let us know their advice when it’s available?

Thank you🙏

Flood🐳

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...