 SentinelPremium join:2001-02-07 Florida kudos:1 | Why is this software dangerous? I've posted this before but I never got a good answer so if no one minds I'm going to try again hoping perhaps someone has a new perspective or something 
NirSoft's WirelessNetView.exe found here: »www.nirsoft.net/utils/wireless_n···iew.html
Keeps getting flagged by my anti-virus app as a PUP. Now I know I can turn off searching for PUPs and I know I can enter it in the list of exclusions. So thanks in advance for telling me that 
But my question is ... why does it get flagged at all? From what I can see all it does is tell you what wireless networks there are in your area around you. This seems pretty harmless to me so I'm guessing that I must be missing something here.
So if someone could please tell me how this is malicious I would appreciate it. If it would threaten people's security and you would rather not post that kind of thing here then that's fine but please then just post "yes, if you know how, this software can be used maliciously if you know what you are doing but I am not going to post why here because that would be telling someone how to do something malicious and we don't want to do that". That would be enough for me. I'll understand.
Or is it that the software itself is infected with something separate and apart from its stated purpose? Does it spy on people that use it or something? Trojan? |
|
 | False positive. Put it in the antivirus ignore list. |
|
 BlackbirdBuilt for SpeedPremium join:2005-01-14 Fort Wayne, IN kudos:3
| reply to Sentinel Nirsoft creates a number of "utility" or "tool" programs that can get flagged by AVs for various coding reasons. In all cases I've run across, it's because the tool does something in a certain way that looks suspicious to an AV program, and it flags it. Nirsoft and their software have been around for years, though it's always wise to ask in a forum like this about such things. Whether Nirsoft's programs could somehow be written in a different way that doesn't get flagged and still do the job, I'll leave for others to argue... but they do work, they are safe, and I do just what Ken1943 suggests: put them in the AV ignore list. -- The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. A. de Tocqueville |
|
 pslossPremium join:2002-02-24 Alpharetta, GA | reply to Sentinel Didya read this already? »blog.nirsoft.net/2012/10/10/amaz···me-tool/ |
|
 | reply to Blackbird said by Blackbird: Nirsoft creates a number of "utility" or "tool" programs that can get flagged by AVs for various coding reasons.
They are not F/p's and are NOT detected by behavioural analysis.
This is such a fudged topic not helped by Nirsoft's persistent claims that they are F/p's or power users that decry F/p also.
2 scenarios, you are network admin using these tool(s) for end means to enable your job then they are legitimate tools.
2nd scenario, the tools are used by hacker who has just compromised a computer to gain data from the newly compromised computer and/or network.
AV's are tasked with protecting end users who like databases to think for them as opposed to "informed" power users who know what the tools are and why they are using them.
Since end users without a clue outnumber power users hands down then all these detections should stay to protect them.
It beggars belief that Nirsoft can't figure that for themselves or maybe they want their tools abused without any checkpoints. |
|
 HA NutPremium join:2004-05-13 USA | reply to Sentinel PUP = Potentially Unwanted Program. Glad to see your antivirus classified it that way and no worse.
I agree with the others. The "goodness" of a PUP is in the mind of the beholder. |
|
 1 edit | reply to Sentinel NirSoft tools are generally considered safe. It is always best policy to check MD5's and ask questions if you are concerned. ComboFix, a tool used to clean infections, was actually infected recently.
VirusTotal gets seven hits for WirelessNetView with all but one indicating Pups, Tools, Riskware and one generic detection.
I just ran it. No malware, trojan, virus, spyware or anything malicious dropped. No calling home to the mother ship. All this does is reveal wireless connections near you. I suppose it could be used for sniffing unprotected wireless connections. Just paranoid AV's.
Edit: for clarity |
|
 | reply to Sentinel MumRar had the first best answer. These are signature detections, not heuristics. They flag Nir's utilities because they can be used by attackers to case a network. They can also be used for completely innocent purposes. Dynamite can also be used for mining and digging. -- Scott Brown Consulting |
|
 ZZZZZZZPremium join:2001-05-27 PARADISE kudos:1
| reply to MumRAR quote: Since end users without a clue outnumber power users hands down then all these detections should stay to protect them.
And most users [at least on this board] have known for years about Nirsoft's apps being flagged. 
I use about a dozen of his apps. -- Sarcasm is the body's natural defense against stupidity. |
|
 | I've been using Nirsoft's apps for years, never had a problem except one alert with MSE, although when I updated the app to the latest version, MSE no longer flagged it. |
|
 sivranOpera convertPremium join:2003-09-15 Arlington, TX kudos:1 | reply to sbconslt said by sbconslt: MumRar had the first best answer. These are signature detections, not heuristics. They flag Nir's utilities because they can be used by attackers to case a network. They can also be used for completely innocent purposes. Dynamite can also be used for mining and digging.
If everything that can be used by attackers was flagged, there'd be nothing left unflagged. -- Think Outside the Fox. |
|
 OZOPremium join:2003-01-17 kudos:2 | I bet attackers use dir or ls (depending on OS) too. Following that (IMHO, dumb) logic - the shell providing that should be flagged as PUP too, right? Some called that paranoia... :-(
-- Keep it simple, it'll become complex by itself... |
|
 OZOPremium join:2003-01-17 kudos:2 | reply to Sentinel The best way to find out is to ask the developers of that particular AV. Why do they think it's anyhow dangerous and should be flagged? Here you'll get only speculations and a bunch of guesses... -- Keep it simple, it'll become complex by itself... |
|
 DustynPremium join:2003-02-26 Ontario, CAN kudos:10 | reply to Sentinel Which anti virus program is flagging it as PUP? |
|
 | Here is the virustotal analysis for the most current version of Nirsoft WirelessNetView.exe: » www.virustotal.com/file/50196a26···nalysis/
OP's scanner is, I'm guessing, Avast, which flags it as Win32:PSWtool-AP [PUP]. |
|
 Mele20Premium join:2001-06-05 Hilo, HI kudos:4 | reply to Dustyn Avira flags it. Always has. |
|
 AVDRespice, Adspice, ProspicePremium join:2003-02-06 Onion, NJ kudos:1 | reply to dsilvers I think there is an undercurrent in the AV market that the more it detects, the better product it is. PUPs is just one way of inflating results. (another place you see this is the flagging of tracking cookies as the end of the world) -- * seek help if having trouble coping --Standard disclaimers apply.-- |
|
 | said by AVD : PUPs is just one way of inflating results.
Yea, I agree. At least Antivir and Avast will let you turn off the PUP detection. |
|
 | reply to Sentinel To answer the question directly: It's because of the program's function. It will decrypt your wireless keys as you know and if you were to come across this on your system without your knowledge... PUP
It's just to bring your attention that it is located on your computer. |
|
 OZOPremium join:2003-01-17 kudos:2 | said by Mr Anon :It will decrypt your wireless keys as you know and if you were to come across this on your system without your knowledge... PUP
Wait a sec. Isn't that what I want? And if I run it on my system, doesn't that mean that it runs with my permission (or, as you said, knowledge)?
-- Keep it simple, it'll become complex by itself... |
|