The TOTALCMD executable file is corrupted, possible VIRUS

Please report only one bug per message!

Moderators: sheep, Hacker, Stefan2, white

Post Reply
burhanemre
New Member
New Member
Posts: 1
Joined: 2017-10-06, 02:45 UTC

The TOTALCMD executable file is corrupted, possible VIRUS

Post by *burhanemre » 2017-10-06, 02:53 UTC

Hello Christian,

I have a script to start Total Commander in elevated mode and started getting the warning message below before TC exists. Root caused the issue to a mistake in the script that added a space at the end of the command line. Apparently Total Commander flags the space as a virus. I think the issue started after upgrading to version 9. Verified reproduces with 9.0a 32bit (2016-12-14). Please run the following command line from a cmd window (note the trailing space):

C:\Users\user>"c:\Program Files\totalcmd\TOTALCMD.EXE "

---------------------------
Total Commander
---------------------------
WARNING: The TOTALCMD executable file is corrupted, possible VIRUS!
Totalcmd will close. Please run a virus scanner as soon as possible!
---------------------------
OK
---------------------------

User avatar
petermad
Power Member
Power Member
Posts: 8765
Joined: 2003-02-05, 20:24 UTC
Location: Valsted, Denmark
Contact:

Post by *petermad » 2017-10-06, 03:51 UTC

Hmm, if I try to launch totalcmd.exe with a trailing space, all that happens is that TC opens and closes again in a split second.

If I do the same with totalcmd64.exe, TC opens but only parts of the GUI is loaded and after a few seconds TC closes again.

But I don't get any arror messages.

Testet with TC 9.0, 9.0a and 9.1b3 32- and 64bit. both from an elevated and a non-elevated command prompt.

EDIT
If I start with a fresh ini-file like this:
"C:\Program Files\totalcmd\TOTALCMD64.EXE " /i=f:\temp\tc.ini then TC stays open and I get the virus warning after a few seconds,
License #524 (1994)
Danish Total Commander Translator
TC 9.5b3 32+64bit on Win XP 32bit, Win 7, 8.1 & 10 (1903) 64bit, 'Everything' 1.4.1.935 (x64)
TC 3.0b12 on Android 6.0
Get: Extended Total Commander Menus | PHSM-Calendar

User avatar
Dalai
Power Member
Power Member
Posts: 6740
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Post by *Dalai » 2017-10-06, 04:47 UTC

Set the current working directory prior to launching TC to avoid such issues.

A little background info: I had the same issue years ago with my ThinkPad which has some hotkey driver that can launch user-defined programs. Launching totalcmd.exe directly triggered the message in the OP. So I worked around it by launching a script by the hotkey driver instead. This script sets the working directory to TC directory and starts TC afterwards.

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups

User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 38054
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) » 2017-10-06, 09:31 UTC

TC checks its own EXE on startup to detect tampering. Apparently CreateFile fails when there is an extra space at the end. Currently I don't have any plans to change this.
Author of Total Commander
http://www.ghisler.com

User avatar
Flint
Power Member
Power Member
Posts: 3200
Joined: 2003-10-27, 09:25 UTC
Location: Moscow, Russia
Contact:

Post by *Flint » 2017-11-09, 11:59 UTC

ghisler(Author)
You can use GetModuleFileName to get executable path instead of relying on what command line was launched.
Flint's Homepage: Full TC Russification Package, VirtualDisk, NTFS Links, NoClose Replacer, and other stuff!
 
Using TC 9.22a / Win7 x64 SP1, Win10 x64

User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 38054
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) » 2017-11-09, 15:51 UTC

Yes, I could try that, but it may cause other problems (e.g. with Unicode names). Therefore I prefer not to change it now.
Author of Total Commander
http://www.ghisler.com

User avatar
MVV
Power Member
Power Member
Posts: 8385
Joined: 2008-08-03, 12:51 UTC
Location: Russian Federation

Post by *MVV » 2017-11-09, 18:00 UTC

GetModuleFileNameW has no Unicode problems. :)

Mlsoun
Junior Member
Junior Member
Posts: 2
Joined: 2019-07-28, 15:02 UTC

Re: The TOTALCMD executable file is corrupted, possible VIRUS

Post by *Mlsoun » 2019-07-28, 15:37 UTC

this problem of corrupted file occure when you run TC from .rdp file to (Terminál Server). Use XXX.bat in .rdp and run Totalcmd.exe from bat file for resolving problem with this type of error message

Post Reply