  1. #1
    2 Star Lounger
    Join Date
    Oct 2009
    Location
    Shoreline, Washington, USA
    Posts
    147
    Thanks
    0
    Thanked 1 Time in 1 Post



    PERIMETER SCAN

    Free utility suite bundles over 100 tools


    By Ryan Russell

    A popular Windows utility maker offers its suite of apps as a single download with a new application launcher that makes picking and running a utility quick and easy.

    The suite covers everything from an application-crash reporter to a Windows updates viewer — and over 100 other titles in between.

    The full text of this column is posted at WindowsSecrets.com/2010/05/20/07 (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by revia; 2011-01-19 at 18:34.

  2. #2
    2 Star Lounger
    Join Date
    Feb 2010
    Location
    Iowa, USA
    Posts
    163
    Thanks
    1
    Thanked 1 Time in 1 Post
    Microsoft Security Essentials (MSE) detects two viruses within the Nirsoft download. I've never heard of Nirsoft before. Are you sure that this download and company are safe, and if so, why does MSE detect viruses within it? The viruses detected by MSE are:
    Trojan:Win32/Blad!irts - Alert Level High
    HackTool:Win32/Passview - Alert Level Medium

    I would really like a response to this question but I'm not sure how to get it since the end of the column says:

    "Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns."

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Salt Lake City, UT
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Roger Farmer View Post
    Microsoft Security Essentials (MSE) detects two viruses within the Nirsoft download. I've never heard of Nirsoft before. Are you sure that this download and company are safe, and if so, why does MSE detect viruses within it?
    Yes, it would be a good idea to discuss the security implications of any download. However, your issue is with Nirsoft, and they have a page that discusses the problem here:
    Nirsoft blog about Antivirus Companies

    Good luck!

    Kevin

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    Texas,USA
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Many legitimate companies offer password recovery tools. If it's a tool that can be used by the bad guys, many anti-malware vendors will classify it as a Trojan or Virus, even though most of us might need it someday and will use it for good and honest purposes. I've used NirSoft products before and they are legitimate. Never caused any issues on any of my computers. You can temporarily turn off your MSE by clicking Settings tab > Real-time protection > uncheck the "turn on" box. You may have to turn off your SmartScreen Filter, too. To see if you're using SmartScreen Filter, click Tools (in the menu bar, upper left of screen next to File, Edit, View, etc.) and follow the prompts to temporarily disable it. Even if you turn off your MSE the SmartScreen filter will block the NirSoft download. Don't forget to turn MSE and SmartScreen Filter back on when finished.

  5. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,593
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    Another nice launcher for the Nirsoft utilities but also for Sysinternals is KLS SOFT - WSCC - Windows System Control Center.

    Joe

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    Port Orchard, WA
    Posts
    14
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Kevin Nechodom View Post
    Yes, it would be a good idea to discuss the security implications of any download. However, your issue is with Nirsoft, and they have a page that discusses the problem here:
    Nirsoft blog about Antivirus Companies

    Good luck!

    Kevin
    Sorry Kevin. How is this an issue with Nirsoft?

    Microsoft Security Essentials flagged the same 2 files on my system when I downloaded the Nirsoft Utilities. It was easy for me to "allow" the Passview file because I had a sense of why it was flagged and felt comfortable letting it stand. However, I could not find such a file as "Trojan:Win32/Bladi!rts" in the list of files being downloaded.

    So I went to the MS Malware Protection site and here's what it says: "Trojan:Win32/Bladi!rts is a name used for trojan detections that have been added to Microsoft signatures after advanced automated analysis." and "There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s)." Pretty informative, isn't it?

    Then I tried submitting a sample for analysis but I can't find the Bladi!rts file on my computer even though I "allowed" it in MSE.

    It seems that some file that's part of the Nirsoft download has been flagged as Critical by a security software routine, given a generic name and we're told that it's asymptomatic. What's wrong with this picture?

    Regards,

    Dan

  7. #7
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Bozeman, MT
    Posts
    328
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Between MSE and Avira, there were about 17 malware warnings (some at once) between the unzip and opening the program. The first batch includes Trojan: Win32/Bladi!rts, Hacktool:Win32/Passview and astlog.exe - SPR/PSW.Asterisk.C, while the latter include the password-related apps, the key/keyview/view/dump apps. Almost all of those are listed as SPR/... malware. I wrote Windows Secrets about this before thinking of stopping by here.

    I assume (and hope) all of these are related to the nature of the apps themselves, and thus false positives not malware. What bothers me is that this should have been checked prior to publishing and then spoken to in Ryan's article.

    Btw, what app is "Trojan: Win32/Bladi!rts" related to?

  8. #8
    Super Moderator Deadeye81's Avatar
    Join Date
    Dec 2009
    Location
    North Carolina, USA
    Posts
    2,654
    Thanks
    7
    Thanked 113 Times in 97 Posts
    Hi all, and welcome to all first time posters in the Lounge!

    I want to let all who enter this thread know that Roger Farmer also posted his question in the Windows 7 forum in this thread, which has since been moved to the Security & Backups forum.

    We want to encourage anyone interested in the topic of AV alerts concerning the Nirsoft product to post in the Security & Backups thread. The thread in the Security & Backups forum has the most potential for discussion as many veteran loungers will frequent the Security & Backups forum and participate in the discussion.

    Thanks, and enjoy the Lounge!

    Gerald
    Deadeye81

    "We make a living by what we get, we make a life by what we give." Sir Winston Churchill

  9. #9
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Bozeman, MT
    Posts
    328
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Gerald, please clarify. This thread would seem far and away the most logical place for discussion of the issue, on the face of it, and is a Windows system version neutral forum.

  10. #10
    Super Moderator Deadeye81's Avatar
    Join Date
    Dec 2009
    Location
    North Carolina, USA
    Posts
    2,654
    Thanks
    7
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by highstream View Post
    Gerald, please clarify. This thread would seem far and away the most logical place for discussion of the issue, on the face of it, and is a Windows system version neutral forum.
    Yes, I agree. And the Security & Backups forum should be even better.

    Thanks
    Deadeye81

    "We make a living by what we get, we make a life by what we give." Sir Winston Churchill

  11. #11
    New Lounger
    Join Date
    May 2010
    Location
    Smithtown, NY
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Just signed up to forum to add my first-time-disappointment with your advice... altho I trust your site implicitly, I automatically scan all downloads w/AVIRA.... it detected 15!!! viruses??!!?! ... wut-up?? any Quality Control on WS?... did author ever try the 'download' for effectiveness?? tell me I made a mistake... tx

  12. #12
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,593
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    Quote Originally Posted by Al Cimino View Post
    Just signed up to forum to add my first-time-disappointment with your advice... altho I trust your site implicitly, I automatically scan all downloads w/AVIRA.... it detected 15!!! viruses??!!?! ... wut-up?? any Quality Control on WS?... did author ever try the 'download' for effectiveness?? tell me I made a mistake... tx
    Did you read the other posts about this, particularly numbers 3 & 4 in this thread?

    Joe

  13. #13
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Bozeman, MT
    Posts
    328
    Thanks
    2
    Thanked 3 Times in 3 Posts
    Here's the reply I got from Avira, after submitting all the Nirsoft Utilities files getting warnings from Avira and MSE:

    "Thank you for submitting this suspect files. Well we've analyzed these files again and cannot detect any false positive report. So our detection with SPR (Security Privacy Risk) is correct cause these files are opening some network ports which provides security risks.

    If you need to use this application you have to exclude this application folder and files in AV guard and AV scanner."

  14. #14
    New Lounger
    Join Date
    Dec 2009
    Location
    Bristol, UK
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by RogerF View Post
    Microsoft Security Essentials (MSE) detects two viruses within the Nirsoft download. I've never heard of Nirsoft before. Are you sure that this download and company are safe, and if so, why does MSE detect viruses within it? The viruses detected by MSE are:
    Trojan:Win32/Blad!irts - Alert Level High
    HackTool:Win32/Passview - Alert Level Medium

    I would really like a response to this question but I'm not sure how to get it since the end of the column says:

    "Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns."
    I had the same problem. So I went to the MSE and clicked settings. Then went into the Default actions. In that window at the bottom there is a click on/off thingy which says "Apply recommended actions...blah blah" I unclicked that and then downloaded the Nir package. A little window came up saying "The file you are downloading...." and on that window it says "Disregard and download unsafe file....". I clicked on that and everything went fine. Then I moved the unzipped Nir package into my USB fob. Deleted all the Nir stuff from my hard drive and clicked the MSE back on.

    Now my problem is how to make the USB fob read only. Any advice welcome as to how?

    Regards

  15. #15
    5 Star Lounger
    Join Date
    Jan 2002
    Location
    Midlothian, Virginia, USA
    Posts
    875
    Thanks
    0
    Thanked 2 Times in 1 Post
    I just downloaded the NirSoft bundle as suggested in the newsletter article and opened the launcher but its window is completely empty! What am I supposed to do to get this set up for use? I extracted the ZIP file onto a flash drive.

    BTW, to all the people who have posted about virus warnings: The article did point out that this is likely to happen because of the nature of these programs -- they dig into things and open ports, etc.; the same kind of things that a virus or trojan does, except these programs are supposed to do that, that's why we use them. In fact, if my memory is correct, the article stated that if your antivirus/antimalware program does not complain about some of these programs you should look for better protection!

    Thanks, Bill
