Jump to content

NirSoft ProduKey


Primary_Contact

Recommended Posts

3 minutes ago, Primary_Contact said:

NirSoft ProduKey is reported as malware. It's not. It's for finding hidden or lost Windows product keys for use in re-installing Windows.

Filename that's being falsely reported is: produkey_setup.exeprodukey-x64.zipprodukey_setup.7zprodukey.zip

Most nirsoft utilities are detected by a lot more vendors other than Malwarebytes. It has the potential to be used maliciously.

If you wish to use the software please exclude it in the allow list in Malwarebytes.

Link to post
Share on other sites

6 minutes ago, shadowwar said:

can you please provide a scan log of the detection?

Thanks

I can give you one.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/25/20
Scan Time: 12:32 PM
Log File: 326cf624-57fd-11ea-92bd-001a7dda7102.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.835
Update Package Version: 1.0.19808
License: Premium

-System Information-
OS: Windows 10 (Build 18362.657)
CPU: x64
File System: NTFS
User: I7-PC\SAPC

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 3
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 8 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
HackTool.Agent.Nirsoft, C:\USERS\SAPC\DESKTOP\MALWARE SAMPLES\PRODUKEY-X64\PRODUKEY.EXE, No Action By User, 13275, 777493, 1.0.19808, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

"Most nirsoft utilities are detected by a lot more vendors other than Malwarebytes."

That's not an answer. That's a defensive posturing statement.

I do get that NirSoft could be bundled into other malware apps. That part makes sense.

Why do I have to manually enter it into a white list. Seems there should be a button in Quarantine asking "Click here if this is not malware and you do want to install/use it".

Link to post
Share on other sites

11 minutes ago, Primary_Contact said:

Why do I have to manually enter it into a white list. Seems there should be a button in Quarantine asking "Click here if this is not malware and you do want to install/use it".

Uncheck the detection and click next then always ignore.

exclusion step 2.png

Edited by Porthos
Link to post
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.