Solved

Questions Vulnerability apps and results

Posted on 2016-10-15
Last Modified: 2016-10-15
We have run a series of apps for vulnerability on one of our computers.  We ran:

  • Malwarebytes Anti-Malware
  • Spybot-S&D Start Center
  • SUPERAntiSpyware Free Edition
  • COMODO Internet Security

Only Comodo returned an infection on 'ProduKey' from NirSoft Utils, infected by 'ApplicUnsaf@zfqom6n2sfa0'.
(Note: the file was downloaded from the NirSoft site)

We uploaded 'ProduKey' to VirusTotal and the results came back as:

Probably harmless!

Antivirus       Result                                    Update
------------    --------------------------------------    --------
Malwarebytes    PUP.Optional.ProductKeyFinder             20161015
Comodo          ApplicUnsaf.Win64.ProductKeyFinder.~AB    20161015

After the results, we marked the file as "Exclusion" in Comodo.

Question,
  • Is this file really dangerous or is it a false result?
  • What is EE's advice on other Online Scanning Services similar to VirusTotal?
(we wanted to check other reliable sites similar to VT)
Question by:rayluvs
3 Comments
 
LVL 94

Assisted Solution

by:John Hurst
John Hurst earned 100 total points
ID: 41845004
Anything I have downloaded from NirSoft (a few things) at http://www.nirsoft.net/ is free of viruses and works well and reliably over time. No issues.

If you are downloading from the site I posted, then the warning above is a false positive.

If you are downloading from a third party site, change to the site I posted above.
1
 

Assisted Solution

by:Angel Romero
Angel Romero earned 100 total points
ID: 41845014
I agree with John Hurst. I've used their free software on many occasions and haven't had any trouble. Malwarebytes just advises that it is a program which digs out keys: on good terms it is used to find your own key, but used wrongly it is used to harvest keys which don't belong to someone. Comodo, on the other hand, just classifies it as being bad.

Additionally, Comodo has been in trouble many times for their security malpractices. I wouldn't use their products... which explains why they have a lot of stuff for free or at rock bottom prices: their clients are leaving them high and dry because of their malpractices. Just google for yourself.

What you're using to scan is very simple and only looks for malware items with the most common virus/trojan/worm. I would recommend trying AVG Free or AVAST Free. And to top it off, run the SOPHOS virus removal tool. That's what I've had in my toolset for the past 4 years.

Happy hunting!
0
 
LVL 63

Accepted Solution

by:
btan earned 300 total points
ID: 41845035
It is of no harm; it is just diligence, since potential misuse of this software in the wrong hands can be harmful to the user, hence the alert. See:
If it is Nir Sofer's ProduKey utility, then MBAM detects this as "PUP.Optional.ProductKeyFinder". That is NOT a malware detection.

It was detected as a Potentially Unwanted Program (PUP), which is not a malware declaration. Other vendor detections will use the declarations "hacktool" and "passview".

Presuming we are discussing Nir Sofer's ProduKey utility, the utility is not malicious. It is a tool for recovering the Product Key of applications. Because of its nature, it is detected not because it is a malicious utility but because in the hands of someone with nefarious or dubious intentions it can be used maliciously.
 
That is where the misinterpretation lies.
NirSoft is a respectable source, though the software should be well used and not abused. Some Web proxy filters may block their site due to the potentially harmful download of those tools. But still, they are not malicious software. They can still be trusted for use for legit purposes, and you can check the software authorship too for source of truth.
0
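The distinction drawn in the answers above (a PUP / "unsafe application" label versus a malware label), as an added example that is not part of the original thread: it parses a scan-result table shaped like the one in the question and groups engines by label class. The token list beyond the labels quoted in the thread, the verdict strings, and the `ExampleAV` row are assumptions; this is a first-pass triage of names only and says nothing about whether a given copy of the file is authentic.

```python
import re

# Label components vendors use for dual-use / potentially unwanted tools.
# "pup", "applicunsaf", "hacktool" and "passview" appear in the thread; the
# other entries are assumptions for illustration. The list is not exhaustive.
DUAL_USE = {"pup", "pua", "applicunsaf", "hacktool", "passview",
            "riskware", "risktool", "not-a-virus"}

# One result row: engine, detection label, 8-digit update date,
# separated by runs of two or more spaces.
ROW = re.compile(r"^(\S.*?)\s{2,}(\S+)\s{2,}(\d{8})$")

def parse_rows(report):
    """Return (engine, label, update) tuples; header and rule lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows

def classify(label):
    """'dual-use' if any component of the label is a known dual-use token."""
    parts = re.split(r"[.:/@!]", label.lower())
    return "dual-use" if DUAL_USE.intersection(parts) else "malware"

def triage(report):
    """Group engines by label class and give a first-pass verdict."""
    groups = {"dual-use": [], "malware": []}
    for engine, label, _ in parse_rows(report):
        groups[classify(label)].append(engine)
    if groups["malware"]:
        verdict = "needs malware investigation"
    elif groups["dual-use"]:
        verdict = "dual-use only"
    else:
        verdict = "no detections"
    return {"groups": groups, "verdict": verdict}

# The two rows from the question, retyped as sample input.
PAGE_REPORT = """\
Antivirus       Result                                    Update
------------    --------------------------------------    --------
Malwarebytes    PUP.Optional.ProductKeyFinder             20161015
Comodo          ApplicUnsaf.Win64.ProductKeyFinder.~AB    20161015
"""
# Constructed row (not from the page) to show the contrasting outcome.
CONSTRUCTED_ROW = "ExampleAV       Trojan.Constructed.Sample                 20161015\n"
```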