Solved

Vulnerability apps and results

Posted on 2016-10-15
Last Modified: 2016-10-15
We have run a series of apps for vulnerability on one of our computers.  We ran:

  • Malwarebytes Anti-Malware
  • Spybot-S&D Start Center
  • SUPERAntiSpyware Free Edition
  • COMODO Internet Security

Only Comodo returned an infection on 'ProduKey' from NirSoft Utils, infected by 'ApplicUnsaf@zfqom6n2sfa0'.
(Note: the file was downloaded from the NirSoft site)

We uploaded 'ProduKey' to VirusTotal and the results came back as:

Probably harmless!

Antivirus       Result                                    Update
------------    --------------------------------------    --------
Malwarebytes    PUP.Optional.ProductKeyFinder             20161015
Comodo          ApplicUnsaf.Win64.ProductKeyFinder.~AB    20161015

After the results, we marked the file as "Exclusion" in Comodo.

Question,
  • Is this file really dangerous or is it a false result?
  • What is EE's advice on other Online Scanning Services similar to VirusTotal?
(we wanted to check other reliable sites similar to VT)
Question by:rayluvs
3 Comments
 
Assisted Solution

by:John Hurst
John Hurst earned 100 total points
ID: 41845004
Anything I have downloaded from NirSoft (a few things) at http://www.nirsoft.net/ is free of viruses and works well and reliably over time. No issues.

If you are downloading from the site I posted, then the warning above is a false positive.

If you are downloading from a third party site, change to the site I posted above.

Assisted Solution

by:Angel Romero
Angel Romero earned 100 total points
ID: 41845014
I agree with John Hurst. I've used their free software on many occasions and haven't had any trouble. Malwarebytes just advises that it is a program which digs out keys: in good terms it is used to find your key, but used wrongly it is used to harvest keys which don't belong to someone. Comodo, on the other hand, just classifies it as being bad.

Additionally, "comodo" has been in trouble many times for their security malpractices. I wouldn't use their products... which explains why they have a lot of stuff for free or at rock-bottom prices: their clients are leaving them high and dry because of their malpractices. Just google for yourself.

What you're using to scan is very simple and only looks for malware items with the most common virus/trojan/worm. I would recommend trying AVG Free or AVAST Free. And to top it off, run the SOPHOS virus removal tool. That's what I've had in my toolset for the past 4 years.

Happy hunting!
Accepted Solution

by:
btan earned 300 total points
ID: 41845035
It is of no harm; it is just diligence, as this software's potential misuse in the wrong hands can be harmful to the user, hence the alert. See:
If it is Nir Sofer's ProduKey utility, then MBAM detects this as "PUP.Optional.ProductKeyFinder".   That is NOT a malware detection.

It was detected as a Potentially Unwanted Program (PUP), which is not a malware declaration.  Other vendor detections will use the declaration "hacktool" and "passview".

Presuming we are discussing Nir Sofer's ProduKey utility, the utility is not malicious.  It is a tool for recovering the Product Key of applications. Because of its nature, it is detected not because it is a malicious utility but because in the hands of someone with nefarious or dubious intentions it can be used maliciously.

That is where the misinterpretation lies.
NirSoft is a respectable source, though the software should be used well and not abused. Some web proxy filters may block their site due to the potentially harmful download of those tools. But still, they are not malicious software. They can still be trusted for use for legitimate purposes, and you can check the software authorship too for a source of truth.
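
The distinction drawn in the answers above (a PUP or "unsafe application" label versus a malware label), as an added example that is not part of the original thread: a small Python triage of detection names. The two ProduKey labels come from the question; the marker words beyond the four named in the thread, the `ExampleEngine` entry and the second report are constructed assumptions.

```python
import re

# Markers vendors use for dual-use or potentially unwanted tools. The first four
# appear in this thread; the remaining three are assumed common equivalents.
DUAL_USE = {"pup", "applicunsaf", "hacktool", "passview", "pua", "riskware", "not-a-virus"}
# Assumed generic malware family words, not taken from the thread.
MALWARE = {"trojan", "worm", "virus", "backdoor", "ransom", "dropper"}

def classify(label):
    """Return 'clean', 'malware', 'dual-use' or 'unknown' for one detection name."""
    if not label:
        return "clean"
    # Split on vendor separators (. : / ~ !) but keep hyphens so that
    # "not-a-virus" stays one token and does not match "virus".
    tokens = set(re.split(r"[^a-z0-9-]+", label.lower()))
    if tokens & MALWARE:  # conservative: any malware word wins
        return "malware"
    if tokens & DUAL_USE:
        return "dual-use"
    return "unknown"

def triage(report):
    """Summarise an {engine: label-or-None} report into (verdict, per-engine kinds)."""
    kinds = {engine: classify(label) for engine, label in report.items()}
    found = set(kinds.values()) - {"clean"}
    if "malware" in found:
        verdict = "treat as malicious"
    elif "unknown" in found:
        verdict = "needs manual review"
    elif "dual-use" in found:
        verdict = "dual-use tool: check source and signer"
    else:
        verdict = "no detections"
    return verdict, kinds

# The two detections quoted in the question, plus one constructed clean engine.
PRODUKEY_REPORT = {
    "Malwarebytes": "PUP.Optional.ProductKeyFinder",
    "Comodo": "ApplicUnsaf.Win64.ProductKeyFinder.~AB",
    "ExampleEngine": None,  # constructed entry
}
# Constructed report for contrast; both labels are made up for this example.
CONSTRUCTED_REPORT = {"ExampleEngine": "Trojan.Win32.Example",
                      "Malwarebytes": "PUP.Optional.Example"}

if __name__ == "__main__":
    for name, rep in (("ProduKey", PRODUKEY_REPORT), ("constructed", CONSTRUCTED_REPORT)):
        print(name, "->", triage(rep)[0])
```

A "dual-use" verdict only describes how the engines labelled the file; the download source and the file's signer still need to be checked, as the answers advise.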