  1. #1
    2 Star Lounger
    Sorry - I know this is redundant but I don't know what else to do. I downloaded the NirSoft Utilities mentioned in today's column but Microsoft Security Essentials (MSE) detects two viruses within the Nirsoft download. I've never heard of Nirsoft before. Are you sure that this download and company are safe, and if so, why does MSE detect viruses within it? The viruses detected by MSE are:
    Trojan:Win32/Bladi!rts - Alert Level High
    HackTool:Win32/Passview - Alert Level Medium

    I would really like a response to this question but I'm not sure how to get it since the end of the column says:
    "Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns."

    And now, MSE has also detected the same HackTool virus in the zip file stored on my disk. Obviously I don't want MSE to continually detect this virus, but I'm not sure what to do about it if this tool set is in fact legitimate. So I'm confused at several levels - is this a legitimate tool and company? If so, how can I get MSE to ignore whatever it is detecting?

  2. #2
    5 Star Lounger
    I have not used the "nirlauncher" set of tools mentioned today, but I have used Nirsoft's products. Nirsoft is definitely a legitimate company and has many fine utilities. I cannot speak to the problem you are having with malware detection but would be slow to call it a false positive. I would be concerned about the reliability of the location where you downloaded it.

    That being said, false positives are not unheard of. If you research this and determine it is a false positive, many virus scanners have a way to exclude a file from being scanned.

  3. #3
    Administrator
    Often Nirsoft utility programs are falsely identified as malware. See Frequently Asked Questions for more information.

    Joe

  4. #4
    3 Star Lounger
    (This is a repost of my reply in the related thread over at Windows Secrets Columns > Free utility suite bundles over 100 tools. That's where I think it belongs, but a moderator posted that the Win7 item would get the most discussion.)

    Between MSE and Avira, there were about 17 malware warnings (some at once) between the unzip and opening the program. The first batch includes Trojan: Win32/Bladi!rts, Hacktool:Win32/Passview and astlog.exe - SPR/PSW.Asterisk.C, while the latter include the password related apps, the key/keyview/view/dump apps. Almost all of those are listed as SPR/... malware. I wrote Windows Secrets about this before thinking of stopping by here.

    I assume (and hope) all of these are related to the nature of the apps themselves, and thus false positives not malware. What bothers me is that this should have been checked prior to publishing and then spoken to in Ryan's article.

    Btw, what app is "Trojan: Win32/Bladi!rts" related to?

  5. #5
    WS Lounge VIP Browni
    Originally posted by highstream:
    Btw, what app is "Trojan: Win32/Bladi!rts" related to?
    From MS themselves

    Summary
    Trojan:Win32/Bladi!rts is a name used for trojan detections that have been added to Microsoft signatures after advanced automated analysis.
    Source

    Clear as mud.

  6. #6
    Star Lounger
    I've used Nirsoft utilities for a long time, especially when fixing a computer for customers. Many AV programs often flag different Nirsoft utilities. They don't like them because the programs are telling you things about your computer that the AV programs think you should know since you are the owner of the computer and of course you never forget a password. LOL. On my home systems I exclude the whole folder I have of troubleshooting tools. I have never had a problem with any Nirsoft tools or other utilities that I have downloaded on the recommendation of the Secrets newsletter. You must remember that when you start playing with stuff like this that you have to think and act like a system administrator. If you can't do that or it causes you too much worry then you should stay away from this stuff and get someone with experience to do it for you. But this is also how you learn if that is your goal.

  7. #7
    2 Star Lounger
    Thanks for previous comments affirming the reliability of Nirsoft utilities. I think I will go ahead and try them. In addition, the Nirsoft website contains explanations about why this happens which were helpful. But this situation does raise the question of who you trust. Since viruses and trojan horses are by nature deceptive, it seems unwise to trust the website that they came from. But if Microsoft Security Essentials gives false positives, then they can't be trusted either. The other option is the community of users here and elsewhere, but there's the obvious possibility for errors or misleading comments here also. And I don't really have the luxury of trying a utility if I'm not quite sure whether or not it contains malware. So I'm not sure how to answer the question of reliability in the general case but I guess I have an answer in the specific case of Nirsoft. So thanks again. (For reasons I don't understand, I only got one notification of responses to this topic even though there were several others after I checked after the first one.)

  8. #8
    Administrator
    My approach is if you are unsure then don't trust the download, program, web site, etc. Don't let it on your system. Then search around. See what reputable security sites have to say. Ask questions at forums you trust.

    Better safe than sorry.

    Joe

  9. #9
    New Lounger
    I wrote the company; they indicated they were false positives. I also sent the file to MSE; they wrote back that it wasn't malware.

  10. #10
    Star Lounger
    I started where Roger F was when I downloaded it. This was great info and I will load it. I reported it as safe in MSE, and they said they will check it.

    Thanks
