Solved

Questions Vulnerability apps and results

Posted on 2016-10-15
Last Modified: 2016-10-15
We have run a series of apps for vulnerability on one of our computers. We ran:

  • Malwarebytes Anti-Malware
  • Spybot-S&D Start Center
  • SUPERAntiSpyware Free Edition
  • COMODO Internet Security

Only Comodo returned an infection on 'ProduKey' from NirSoft Utils, infected by 'ApplicUnsaf@zfqom6n2sfa0'.
(Note: the file was downloaded from the NirSoft site)

We uploaded 'ProduKey' to VirusTotal and the results came back as:

Probably harmless!
Antivirus       Result                                    Update
------------    --------------------------------------    --------
Malwarebytes    PUP.Optional.ProductKeyFinder             20161015
Comodo          ApplicUnsaf.Win64.ProductKeyFinder.~AB    20161015

After the results, we marked the file as "Exclusion" in Comodo.

Question,
  • Is this file really dangerous or is it a false result?
  • What is EE's advice on other Online Scanning Services similar to VirusTotal?
(we wanted to check other reliable sites similar to VT)
Question by:rayluvs
3 Comments
 
LVL 97

Assisted Solution

by:Experienced Member
Experienced Member earned 400 total points
ID: 41845004
Anything I have downloaded from NirSoft (a few things) at http://www.nirsoft.net/ is free of viruses and works well and reliably over time. No issues.

If you are downloading from the site I posted, then the warning above is a false positive.

If you are downloading from a third party site, change to the site I posted above.
1
 

Assisted Solution

by:Angel Romero
Angel Romero earned 400 total points
ID: 41845014
I agree with John Hurst. I've used their free software on many occasions and haven't had any trouble. Malwarebytes just advises that it is a program which digs out keys: used in good terms, it finds your own key, but used wrongly, it harvests keys which don't belong to someone. Comodo, on the other hand, just classifies it as being bad.

Additionally, "Comodo" has been in trouble many times for their security malpractices. I wouldn't use their products... which explains why they have a lot of stuff for free or at rock bottom prices: their clients are leaving them high and dry because of their malpractices. Just google for yourself.

What you're using to scan is very simple and only looks for malware items with the most common virus/trojan/worm. I would recommend trying AVG Free or AVAST Free. And to top it off, run the SOPHOS virus removal tool. That's what I've had in my toolset for the past 4 years.

Happy hunting!
0
 
LVL 64

Accepted Solution

by:
btan earned 1200 total points
ID: 41845035
It is of no harm; it is just diligence: this software's potential misuse in the wrong hands can be harmful to the user, hence the alert. See:
If it is Nir Sofer's ProduKey utility, then MBAM detects this as "PUP.Optional.ProductKeyFinder". That is NOT a malware detection.

It was detected as a Potentially Unwanted Program (PUP), which is not a malware declaration. Other vendor detections will use the declaration "hacktool" and "passview".

Presuming we are discussing Nir Sofer's ProduKey utility, the utility is not malicious. It is a tool for recovering the Product Key of applications. Because of its nature, it is detected not because it is a malicious utility but because in the hands of someone with nefarious or dubious intentions it can be used maliciously.

That is where the misinterpretation lies.
NirSoft is a respectable source, though the software should be used well and not abused. Some Web proxy filters may block their site due to the potentially harmful download of those tools. But still, they are not malicious software. They can still be trusted for use for legitimate purposes, and you can check the software authorship too for source of truth.
0
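A small triage helper for scanner output like the table in the question, added here as an illustration (not code from any poster, VirusTotal or the vendors): it separates PUP/tool-class labels from malware-class labels. The marker tokens beyond the four names used in this thread, the `ExampleAV` row and the single-word engine-name format are assumptions constructed for the example.

```python
import re

# Label tokens that signal a "potentially unwanted / dual-use tool" class, not
# a malware class. The first four appear in this thread; the others are common
# vendor conventions and are an assumption of this example.
GRAYWARE_TOKENS = {"pup", "applicunsaf", "hacktool", "passview",
                   "pua", "riskware", "unwanted", "not-a-virus"}

# Constructed input: the two detections quoted in the question, plus one
# made-up malware-style row (ExampleAV is not a real engine) for contrast.
PAGE_ROWS = """\
Malwarebytes   PUP.Optional.ProductKeyFinder             20161015
Comodo         ApplicUnsaf.Win64.ProductKeyFinder.~AB    20161015
"""
CONTRAST_ROW = "ExampleAV      Trojan.Generic.Constructed                20161015\n"

ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{8})\s*$")


def classify(label):
    """Return 'grayware' if any token of the label is a PUP/tool marker."""
    tokens = re.split(r"[.:/!]+", label.lower())
    return "grayware" if GRAYWARE_TOKENS & set(tokens) else "malware"


def triage(table):
    """Parse 'engine label yyyymmdd' rows and summarise the detection classes."""
    classes = {"grayware": [], "malware": []}
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if m:  # skip headers, separators and blank lines
            classes[classify(m.group(2))].append(m.group(1))
    if classes["malware"]:
        verdict = "treat as suspected malware"
    elif classes["grayware"]:
        # Tool-class labels only: the question becomes whether this tool is
        # expected on this machine and came from the vendor's own site.
        verdict = "dual-use tool: confirm source and intent"
    else:
        verdict = "no detections parsed"
    return classes, verdict


if __name__ == "__main__":
    print(triage(PAGE_ROWS))
    print(triage(PAGE_ROWS + CONTRAST_ROW))
```

A grayware-only verdict says the engines flagged the tool's capability, not that the copy on disk is authentic; the download source still has to be checked separately.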
