Solved

Questions Vulnerability apps and results

Posted on 2016-10-15
Last Modified: 2016-10-15
We have run a series of apps for vulnerability on one of our computers.  We ran:

  • Malwarebytes Anti-Malware
  • Spybot-S&D Start Center
  • SUPERAntiSpyware Free Edition
  • COMODO Internet Security

Only Comodo returned an infection on 'ProduKey' from NirSoft Utils, infected by 'ApplicUnsaf@zfqom6n2sfa0'.
(Note: the file was downloaded from the NirSoft site)

We uploaded 'ProduKey' to VirusTotal and the results came back as:

Probably harmless!
Antivirus       Result                                    Update
------------    --------------------------------------    --------
Malwarebytes    PUP.Optional.ProductKeyFinder             20161015
Comodo          ApplicUnsaf.Win64.ProductKeyFinder.~AB    20161015

After the results, we marked the file as "Exclusion" in Comodo.

Questions:
  • Is this file really dangerous or is it a false result?
  • What is EE's advice on other online scanning services similar to VirusTotal?
(we wanted to check other reliable sites similar to VT)
Question by:rayluvs
3 Comments
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 100 total points
ID: 41845004
Anything I have downloaded from NirSoft (a few things) at http://www.nirsoft.net/ is free of viruses and works well and reliably over time. No issues.

If you are downloading from the site I posted, then the warning above is a false positive.

If you are downloading from a third party site, change to the site I posted above.
1
 

Assisted Solution

by:Angel Romero
Angel Romero earned 100 total points
ID: 41845014
I agree with John Hurst. I've used their free software on many occasions and haven't had any trouble. Malwarebytes just advises that it is a program which digs out keys: in good terms it is used to find your key, but used wrongly it is used to harvest keys which don't belong to someone. Comodo, on the other hand, just classifies it as being bad.

Additionally, "comodo" has been in trouble many times for their security malpractices. I wouldn't use their products... which explains why they have a lot of stuff for free or at rock-bottom prices: their clients are leaving them high and dry because of their malpractices. Just google for yourself.

What you're using to scan is very simple and only looks for malware items with the most common virus/trojan/worm. I would recommend trying AVG Free or AVAST Free. And to top it off, run the SOPHOS virus removal tool. That's what I've had in my toolset for the past 4 years.

Happy hunting!
0
 
LVL 62

Accepted Solution

by:
btan earned 300 total points
ID: 41845035
It is of no harm, and it is just diligence: this software's potential misuse, if in the wrong hands, can be harmful to the user, hence the alert. See:
If it is Nir Sofer's ProduKey utility, then MBAM detects this as "PUP.Optional.ProductKeyFinder". That is NOT a malware detection.

It was detected as a Potentially Unwanted Program (PUP), which is not a malware declaration. Other vendor detections will use the declarations "hacktool" and "passview".

Presuming we are discussing Nir Sofer's ProduKey utility, the utility is not malicious. It is a tool for recovering the Product Key of applications. Because of its nature, it is not detected because it is a malicious utility, but because in the hands of someone with nefarious or dubious intentions it can be used maliciously.
 
That is where the misinterpretation lies.
NirSoft is a respectable source, though the software should be well used and not abused. Some web proxy filters may block their site due to the potentially harmful download of those tools. But still, they are not malicious software. They can still be trusted for use for legitimate purposes, and you can check the software authorship too as a source of truth.
0
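Added example, not part of any answer above and not any vendor's tooling: a small triage of a multi-engine scan report that separates PUP/dual-use flags (the distinction the accepted answer draws) from malware-family detections. The category word lists beyond those quoted in the thread, the engines named EngineC/EngineD and the contrast report are assumptions constructed for illustration.

```python
import re

# Category words that vendors embed in detection names. "PUP", "ApplicUnsaf",
# "hacktool" and "passview" appear in this thread; the rest are assumptions
# based on common vendor naming, not an authoritative list.
GREY = {"pup", "pua", "applicunsaf", "hacktool", "passview", "riskware"}
MALWARE = {"trojan", "worm", "virus", "backdoor", "ransom", "rootkit",
           "downloader", "dropper"}


def classify_label(label):
    """Map one engine's detection name to clean / grey / malware / unknown."""
    if not label:
        return "clean"
    low = label.lower()
    if low.startswith("not-a-virus"):  # a vendor prefix for dual-use tools
        return "grey"
    tokens = set(re.split(r"[^a-z0-9]+", low))
    if tokens & MALWARE:  # a malware family word outranks a grey one
        return "malware"
    if tokens & GREY:
        return "grey"
    return "unknown"


def triage(results):
    """results: engine name -> detection name, or None for no detection."""
    counts = {"clean": 0, "grey": 0, "malware": 0, "unknown": 0}
    for label in results.values():
        counts[classify_label(label)] += 1
    if counts["malware"]:
        verdict = "investigate: malware-family detection present"
    elif counts["unknown"]:
        verdict = "review: unrecognised detection name"
    elif counts["grey"]:
        verdict = "grey only: dual-use/PUP flag, decide by policy and source"
    else:
        verdict = "no detections"
    return counts, verdict


# The two labels are the ones quoted in the question; EngineC/EngineD and
# the whole CONTRAST report are constructed for illustration.
PRODUKEY = {"Malwarebytes": "PUP.Optional.ProductKeyFinder",
            "Comodo": "ApplicUnsaf.Win64.ProductKeyFinder.~AB",
            "EngineC": None, "EngineD": None}
CONTRAST = {"EngineC": "Trojan-Downloader.Win32.Sample", "EngineD": None}

if __name__ == "__main__":
    for name, report in (("ProduKey", PRODUKEY), ("contrast", CONTRAST)):
        print(name, *triage(report))
```

A "grey only" result still leaves the decision to local policy: whether key-recovery tools are allowed on the machine, and whether the file came from the publisher's own site.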
