
ProduKey from NirSoft not a Virus or PUP


neilhmurphy

It is not a false positive and it is a Potentially Unwanted Program (PUP).  If it wasn't flagged as a PUP, it would be flagged as a Hacktool.
 
It is flagged not because it is malware.  It is flagged because it can be used maliciously. 

ProduKey enumerates the Key Codes of software and someone with less than honourable intentions can use it to pirate software.  It is a legitimate detection.

 

This is true for many of Nir Sofer's utilities such as the ones that enumerate passwords from MS Outlook, Mozilla and Internet Explorer.


  • Staff

Hi neilhmurphy,

 

You can exclude the program within your MBAM install.

Open MBAM, click settings tab, click "malware exclusions", click "add file", choose the file you want MBAM to ignore.

Repeat as necessary for any other programs you do not want MBAM to detect.

The next scan should not detect the file(s) any more (by the protection module or scans).

 

The issue with Produkey (and like programs) is, as David pointed out, that they can be used in a malicious manner.

Because these products can be used in both legit & malicious ways, we usually detect these as RiskWare.WhateverProductName or PUP.Optional.WhateverProductName.

 

There are a good many trojans, backdoors & info/password stealers that use products like Nirsoft tools to harvest data from a user's machine.

Because many malwares use these tools for malicious purposes, we can't remove the detections for them.

 

Because some people use Nirsoft (or like) products for non-malicious purposes (or other PUPs some people may want to keep), the option is available to allow for exclusions within MBAM on your own machine.

 

If the product in question is used as intended, it is not dangerous.

However, if a trojan dropped this file & ran it, it does have the potential to steal your product key(s) which makes it a "risky" program.

 

Hope this helps to understand our standing on the above named (and like) products.


No.  You misinterpret and jump to faux conclusions.  Don't worry, you are far from alone in that.

 

What if I dropped a trojan on your PC that had one or more of Nir Sofer's tools embedded in it that was used to exfiltrate your data?

I don't think you'd like it very much if IE Passview and PasswordFox were used maliciously to harvest your online credentials.

 

However, if you deliberately obtain and use IE Passview, PasswordFox and ProduKey willingly then use the Malwarebytes' Anti-Malware (MBAM) provided Malware Exclusions settings.  The settings are to be used such that the files, and the folders they exist in, are set from being scanned and detected.  File exclusions are provided in just about every anti malware application for that purpose.
