Questions Vulnerability apps and results

We have run a series of apps for vulnerability on one of our computers.  We ran:

  • Malwarebytes Anti-Malware
  • Spybot-S&D Start Center
  • SUPERAntiSpyware Free Edition
  • COMODO Internet Security

Only Comodo returned infection on 'ProduKey' from NirSoft Utils infected by 'ApplicUnsaf@zfqom6n2sfa0'.
(Note: the file was downloaded from the NirSoft site)

We uploaded 'ProduKey' to VirusTotal and the results came back as:

Probably harmless!
Antivirus       Result                                    Update
------------    --------------------------------------    --------
Malwarebytes    PUP.Optional.ProductKeyFinder             20161015
Comodo          ApplicUnsaf.Win64.ProductKeyFinder.~AB    20161015

After the results, we marked the file as "Exclusion" in Comodo.

Questions:
  • Is this file really dangerous or is it a false result?
  • What is EE's advice on other Online Scanning Services similar to VirusTotal?
(we wanted to check other reliable sites similar to VT)
rayluvs Asked:
 
btan, Exec Consultant, Commented:
It is of no harm. It is just diligence: this software's potential misuse, if in the wrong hands, can be harmful to the user, hence the alert. See
If it is Nir Sofer's ProduKey utility, then MBAM detects this as "PUP.Optional.ProductKeyFinder". That is NOT a malware detection.

It was detected as a Potentially Unwanted Program (PUP), which is not a malware declaration. Other vendor detections will use the declarations "hacktool" and "passview".

Presuming we are discussing Nir Sofer's ProduKey utility, the utility is not malicious. It is a tool for recovering the Product Key of applications. Because of its nature, it is detected not because it is a malicious utility but because, in the hands of someone with nefarious or dubious intentions, it can be used maliciously.
 
That is where the misinterpretation lies.
NirSoft is a respectable source, though the software should be used well and not abused. Some web proxy filters may block their site due to the potentially harmful downloads of those tools. But still, they are not malicious software. They can still be trusted for use for legitimate purposes, and you can check the software authorship too for a source of truth.
0
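The distinction drawn in the answer above (a PUP / "hacktool" / "passview" label versus a malware declaration) can be applied mechanically when reading a multi-engine report. The following is an added example, not part of the original thread: the engine names `EngineA`/`EngineB` and the `Trojan.Win32.Generic` label are constructed, and the grayware tokens beyond those quoted in the thread are an assumed list of common vendor spellings.

```python
import re

# Tokens vendors put in labels for potentially unwanted / dual-use tools.
# "pup", "applicunsaf", "hacktool" and "passview" appear in this thread;
# the remaining entries are an assumed list of common equivalents.
GRAYWARE_TOKENS = {"pup", "pua", "applicunsaf", "hacktool", "passview",
                   "riskware", "not-a-virus", "unwanted", "unsafe"}

def classify(label):
    """Return 'clean', 'grayware' or 'malware' for one engine's result."""
    if not label or not label.strip():
        return "clean"
    tokens = [t for t in re.split(r"[./:!@\s]+", label.lower()) if t]
    if any(t in GRAYWARE_TOKENS for t in tokens):
        return "grayware"
    # Conservative default: any other detection name is treated as malware.
    return "malware"

def triage(report):
    """Summarise a {engine: label} report as (verdict, engines_by_class)."""
    by_class = {"clean": [], "grayware": [], "malware": []}
    for engine, label in report.items():
        by_class[classify(label)].append(engine)
    if by_class["malware"]:
        verdict = "malware"        # at least one engine names a malware family
    elif by_class["grayware"]:
        verdict = "grayware-only"  # flagged for what the tool can do
    else:
        verdict = "clean"
    return verdict, by_class

# The two detections quoted in the question, plus constructed clean engines.
PAGE_REPORT = {
    "Malwarebytes": "PUP.Optional.ProductKeyFinder",
    "Comodo": "ApplicUnsaf.Win64.ProductKeyFinder.~AB",
    "EngineA": "",
    "EngineB": None,
}
# Constructed contrast case: one engine reports a malware family name.
CONTRAST_REPORT = dict(PAGE_REPORT, EngineB="Trojan.Win32.Generic")

if __name__ == "__main__":
    for name, report in (("page", PAGE_REPORT), ("contrast", CONTRAST_REPORT)):
        verdict, by_class = triage(report)
        print(name, verdict, by_class)
```

A "grayware-only" verdict describes how the engines named the file, not where the file came from; the download source and the file's signature still need checking before an exclusion is added.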
 
John, Business Consultant (Owner), Commented:
Anything I have downloaded from NirSoft (a few things) at http://www.nirsoft.net/ is free of viruses and works well and reliably over time. No issues.

If you are downloading from the site I posted, then the warning above is a false positive.

If you are downloading from a third party site, change to the site I posted above.
1
 
Angel Romero, Systems Administrator, Commented:
I agree with John Hurst. I've used their free software on many occasions and haven't had any trouble. Malwarebytes just advises that it is a program which digs out keys, which in good terms is used to find your key but, used wrongly, is used to harvest keys which don't belong to someone. Comodo, on the other hand, just classifies it as being bad.

Additionally, "comodo" has been in trouble many times for their security malpractices. I wouldn't use their products... which explains why they have a lot of stuff for free or at rock bottom prices: their clients are leaving them high and dry because of their malpractices. Just google for yourself.

What you're using to scan is very simple and only looks for malware items with the most common virus/trojan/worm. I would recommend trying AVG Free or AVAST Free. And to top it off, run SOPHOS virus removal tool. That's what I've had in my toolset for the past 4 years.

Happy hunting!
0
Question has a verified solution.
