• MSE detects two viruses in NirSoft Utilities

    #469021

    Sorry – I know this is redundant but I don’t know what else to do. I downloaded the NirSoft Utilities mentioned in today’s column but Microsoft Security Essentials (MSE) detects two viruses within the Nirsoft download. I’ve never heard of Nirsoft before. Are you sure that this download and company are safe, and if so, why does MSE detect viruses within it? The viruses detected by MSE are:
    Trojan:Win32/Blad!irts – Alert Level High
    HackTool:Win32/Passview – Alert Level Medium

    I would really like a response to this question but I’m not sure how to get it since the end of the column says:
    “Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.”

    And now, MSE has also detected the same HackTool virus in the zip file stored on my disk. Obviously I don’t want MSE to continually detect this virus, but I’m not sure what to do about it if this tool set is in fact legitimate. So I’m confused at several levels – is this a legitimate tool and company? If so, how can I get MSE to ignore whatever it is detecting?

    • #1224580

      I have not used the “nirlauncher” set of tools mentioned today, but I have used Nirsoft’s products. Nirsoft is definitely a legitimate company and has many fine utilities. I cannot speak to the problem you are having with malware detection but would be slow to call it a false positive. I would be concerned about the reliability of the location where you downloaded it.

      That being said, false positives are not unheard of. If you research this and determine it is a false positive, many virus scanners have a way to exclude a file from being scanned.

    • #1224671

      Often Nirsoft utility programs are falsely identified as malware. See Frequently Asked Questions for more information.

      Joe


    • #1224791

      (This is a repost of my reply in the related thread over at Windows Secrets Columns > Free utility suite bundles over 100 tools. That’s where I think it belongs, but a moderator posted that the Win7 item would get the most discussion.)

      Between MSE and Avira, there were about 17 malware warnings (some at once) between the unzip and opening the program. The first batch includes Trojan: Win32/Bladi!rts, Hacktool:Win32/Passview and astlog.exe – SPR/PSW.Asterisk.C, while the latter include the password related apps, the key/keyview/view/dump apps. Almost all of those are listed as SPR/… malware. I wrote Windows Secrets about this before thinking of stopping by here.

      I assume (and hope) all of these are related to the nature of the apps themselves, and thus false positives not malware. What bothers me is that this should have been checked prior to publishing and then spoken to in Ryan’s article.

      Btw, what app is “Trojan: Win32/Bladi!rts” related to?

    • #1224816

      Btw, what app is “Trojan: Win32/Bladi!rts” related to?

      From MS themselves

      Summary
      Trojan:Win32/Bladi!rts is a name used for trojan detections that have been added to Microsoft signatures after advanced automated analysis.

      Source

      Clear as mud.

    • #1224866

      I’ve used Nirsoft utilities for a long time, especially when fixing a computer for customers. Many AV programs often flag different Nirsoft utilities. They don’t like them because the programs are telling you things about your computer that the AV programs think you should know since you are the owner of the computer and of course you never forget a password. LOL. On my home systems I exclude the whole folder I have of troubleshooting tools. I have never had a problem with any Nirsoft tools or other utilities that I have downloaded on the recommendation of the Secrets newsletter. You must remember that when you start playing with stuff like this that you have to think and act like a system administrator. If you can’t do that or it causes you too much worry then you should stay away from this stuff and get someone with experience to do it for you. But this is also how you learn if that is your goal.

    • #1225058

      Thanks for previous comments affirming the reliability of Nirsoft utilities. I think I will go ahead and try them. In addition, the Nirsoft website contains explanations about why this happens which were helpful. But this situation does raise the question of who you trust. Since viruses and trojan horses are by nature deceptive, it seems unwise to trust the website that they came from. But if Microsoft Security Essentials gives false positives, then they can’t be trusted either. The other option is the community of users here and elsewhere, but there’s the obvious possibility for errors or misleading comments here also. And I don’t really have the luxury of trying a utility if I’m not quite sure whether or not it contains malware. So I’m not sure how to answer the question of reliability in the general case but I guess I have an answer in the specific case of Nirsoft. So thanks again. (For reasons I don’t understand, I only got one notification of responses to this topic even though there were several others after I checked after the first one.)

    • #1225060

      My approach is if you are unsure then don’t trust the download, program, web site, etc. Don’t let it on your system. Then search around. See what reputable security sites have to say. Ask questions at forums you trust.

      Better safe than sorry.

      Joe


    • #1225236

      I wrote the company, they indicated they were false positives. Also sent the file to MSE, they wrote back it wasn’t malware.

    • #1225618

      I started where Roger F was when I downloaded it. This was great info and I will load it. I reported it as safe in MSE, and they said they will check it.

      Thanks
