Buddel (If it ain't broke, don't fix it.) Premium join:2004-03-06 EU kudos:3 2 edits | BOClean FP?
BOClean flags Startuprun as a trojan. More info on Startuprun can be found here: »www.nirsoft.net/utils/strun.html
What's wrong with this program? I've been using it for ages and don't want to miss it. Surely an FP; I've added strun.exe to BOClean's Program Excluder.
I've just sent the file in question to the BOClean support team. Let's wait and see.  |
|
Cudni (La Merma - Vigilado) Premium,MVM join:2003-12-20 Someshire kudos:13 | Good that you sent it to them to check. It has to be fp
Cudni |
|
Buddel (If it ain't broke, don't fix it.) Premium join:2004-03-06 EU kudos:3 | reply to Buddel
Results from Jotti:
- Dr. Web: Found Tool.StartupRun.122
all the other apps didn't find anything.
Results from Virus Total:
- eSafe: suspicious Trjan/Worm
- Fortinet: suspicious
- The Hacker: Aplicacion/Riskware.Tool.StartupRun.122
all the other apps didn't find anything.
Hm... |
|
Cudni (La Merma - Vigilado) Premium,MVM join:2003-12-20 Someshire kudos:13 | it often happens with Nirsoft tools »Re: a2 Free support forums
also NAV would tag it on occasion
Cudni |
|
 4 edits | reply to Buddel The detection is intentional. I had a brief exchange with Kevin McAleavey regarding BC's detection of Nirsoft's ServiWin, and he replied:
quote: NirSoft is also known as "PROAGENT" and have been in the trojan-making business for quite some time. We've covered Nirsoft stuff in the past only to be yelled and whined at and ultimately removing most of those detects. This time though, we need to detect all of Nirsoft's stuff as a result of this
(link removed)
... and a number of others now where the Nirsoft stuff is actively being used to compromise systems as NO antivirus detects any of this. 
I understand the point he's making, and for my part I added serviwin.exe to BC's Program Excluder. -- Tony |
|
Cudni (La Merma - Vigilado) Premium,MVM join:2003-12-20 Someshire kudos:13 | so it will flag it regardless of any other malware files being absent?
Cudni |
|
| said by Cudni: so it will flag it regardless of any other malware files being absent?
Yes it will; I don't think there really is an alternative, as there will always be the possibility of brand new malware using a NS application to do its thing. -- Tony |
|
Cudni (La Merma - Vigilado) Premium,MVM join:2003-12-20 Someshire kudos:13 | Sure, good to know thanks. Nirsoft tools can always be excluded if downloaded purposely and flagged if not.
Cudni |
|
Buddel (If it ain't broke, don't fix it.) Premium join:2004-03-06 EU kudos:3 | reply to Buddel
Thank you both for your help. As I mentioned above, I added Startuprun to the Program Excluder, so the fact that BOClean regards this file as a trojan shouldn't be a problem for me anymore. |
|
 | reply to Buddel If you want a better tool than Nirsoft's - and one that doesn't get flagged -, get Autoruns from the former Sysinternals.
It's the most comprehensive StartUp information tool and manager out there. |
|
jbob (Reach Out and Touch Someone) Premium join:2004-04-26 Little Rock, AR | reply to Buddel
Fwiw I had to put all my Nirsoft utilities in a separate folder and exclude the folder from my AV detection. |
|
Buddel (If it ain't broke, don't fix it.) Premium join:2004-03-06 EU kudos:3 | reply to Martinus
said by Martinus: If you want a better tool than Nirsoft's - and one that doesn't get flagged -, get Autoruns from the former Sysinternals. It's the most comprehensive StartUp information tool and manager out there.
I'll give it a try. Thank you, Martinus. |
|
| said by Buddel: I'll give it a try. Thank you, Martinus.
No problem. Just, get it while you can. Now that Sysinternals has been acquired by Microsoft, the future of those utilities may be uncertain.
Happy New Year! |
|
Buddel (If it ain't broke, don't fix it.) Premium join:2004-03-06 EU kudos:3 | reply to Buddel
Just downloaded it. All the best for 2007, Martinus. |
|
fatness (subtle) Janitor join:2000-11-17 fishing kudos:13 | reply to Martinus
said by Martinus: If you want a better tool than Nirsoft's - and one that doesn't get flagged -, get Autoruns from the former Sysinternals.
That's a newer version than I was using. Thank you. -- Me, I want a hula hoop.. |
|
altermatt Premium join:2004-01-22 White Plains, NY | reply to Buddel
I use (and love) NirSoft's Cookie View. Never knew they were also in "the trojan business". I'm assuming that Cookie View is still ok? Nothing malicious going on? It's easy to exclude it from being detected by BOC; just want to make sure that stuff from there is ok, since I haven't found an alternative to Cookie View that I like as much. -- The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick |
|
Nancymca (Security Goddess, retired.) Premium join:2001-09-30 Voorheesville, NY
1 edit | reply to Buddel We've reluctantly had to add *ALL* of Nirsoft's tools for detection as a result of a nasty new "USB system thief" package made up of all their stuff since it's all automated and hidden by Nirsoft's NIRCMD module into a nice little kit that will grab ALL of the information off a machine (passwords, you name it) and uses THAT module to spread the infection to any removable media plugged into an infected machine. No choice but to cover it. 
Nirsoft is an old trojan creator known for the PROAGENT series of trojans and while their "utilities" weren't dangerous, they've become so now. If you're planning on using that, about the only thing you can do is restore the file, right click on the BOClean traybar icon, select "EXCLUDER" and you can then drag the icon for that program to the excluder. Do a system reboot (this is a security measure in our design) and BOClean will let you run that in the future without triggering.
(edit: URL removed) -- Ten years of Privacy and Protection
www.privsoft.com www.nsclean.com |
|
Buddel (If it ain't broke, don't fix it.) Premium join:2004-03-06 EU kudos:3 | reply to Buddel
Hi Nancy, thank you very much for your e-mail. Happy New Year. |
|
Cudni (La Merma - Vigilado) Premium,MVM join:2003-12-20 Someshire kudos:13 | reply to Nancymca
said by Nancymca: Nirsoft is an old trojan creator known for the PROAGENT series of trojans and while their "utilities" weren't dangerous, they've become so now.
If you don't mind clarifying, so the person or persons claiming to have created the utilities here are also in the business of creating malware? »www.nirsoft.net/
Cudni -- Some are born to failure, others achieve it, all deserve it. Help yourself so God can help you. MVP, Microsoft Windows Security 2006 |
|
Buddel (If it ain't broke, don't fix it.) Premium join:2004-03-06 EU kudos:3 | reply to Buddel
Hi Martinus, I'm now running both autoruns and Process Explorer. I must say I like what I have seen so far. The information provided by these programs is very detailed, so I do think these tools are keepers. Again, thanks for the info. |
|