Jump to content

Unknown file, ‘nddcf.cmd in C://Windows/SysWow64 directory. Is it a malware?


Recommended Posts

Posted

I am running KIS 20 and Windows 10 home. Recently I ran a scan (Using KIS and Malwarebytes) and nothing was found. But when I ran Norton’s Power Eraser, it found a file called ‘nddcf.cmd’ in the SysWOW64 folder, stating that the the above file’s security status is “Unknown”

File’s status is unknown

I got a suspicious and opened the ‘.cmd’ file in Notepad and found that it was written in some langugage (Maybe Chinese). 

nddcf.cmd was written in chinese

I found two things to be suspicious:

  1. “.cmd” file when run in command prompt, it ran something related to Ncat:
    .cmd file running Ncat related stuff
  2. this ‘.cmd’ file inturn opened another ‘ndc.exe’ file in the background

Even though KIS found nothing, could it be a sign of my PC being hacked? because I read that Ncat and ndc.exe files can be used by hackers. Someone please help.

Posted

Yes, but the fact that this file was written in some asian language is bugging me because I don’t remember installing any of it. I thought I would be getting an answer here since I am a KIS user. If you could shed some light, that would be helpful

 

Flood and Flood's wife
Posted

@N_S_M,

  • Regarding the text file in unknown language, copy the text to a translator - that will confirm the language and provide a translation. 
  • If you remain concerned, log a case with Kaspersky Technical Support → follow the Malware template (image below): zip the suspect file/s - name the zip folder malware, protect it with a password & add the password to the request information; provide Support with a full history, all images, & a GSI & Windows Logs - ask Support to please assist

 

 

 

 

 

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will communicate with you, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
  • Please let us know their advice when it’s available?

Thank you🙏

Flood🐳

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...