Jump to content

Recommended Posts

  • Staff

What is WirelessNetView?

WirelessNetView is a system analyzer that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.

How do I know if I am affected by WirelessNetView?

This is how the main screen of the system analyzer looks:


You will find these icons in your taskbar, your startmenu, and on your desktop:


and see this type of windows during install:



You may see this entry in your list of installed programs:


How did WirelessNetView get on my computer?

These so-called system analyzers use different methods of getting installed. This particular one was downloaded from their website.


How do I remove WirelessNetView?

Our program Malwarebytes can detect and remove this PUP. If you have used an installer it is better to use the built-in uninstaller first for a more complete removal.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of WirelessNetView?

  • No, Malwarebytes removes WirelessNetView completely.

What if I want to keep WirelessNetView?

Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Here’s how to do it.

  • Open Malwarebytes for Windows.
  • Click the Detection History
  • Click the Allow List
  • To add an item to the Allow List, click Add.
  • Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
  • Repeat this for any secondary files or folder(s) that belong to the software.

If you want to allow the program to connect to the Internet, for example to fetch updates, also add an exclusion of the type Allow an application to connect to the internet and use the Browse button to select the file you wish to grant access.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you in dealing with this system analyzer.

As you can see below the full version of Malwarebytes would have warned you against the WirelessNetView installer.



Technical details for experts

You may see these entries in FRST logs:


(Nir Sofer -> NirSoft) C:\Program Files (x86)\NirSoft\WirelessNetView\WirelessNetView.exe
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft WirelessNetView
C:\Program Files (x86)\NirSoft

NirSoft WirelessNetView (HKLM-x32\...\NirSoft WirelessNetView) (Version:  - )

Alterations made by the installer:

File system details [View: All details] (Selection)
    Adds the folder C:\Program Files (x86)\NirSoft\WirelessNetView
       Adds the file readme.txt"="10/3/2017 1:44 PM, 12597 bytes, A
       Adds the file uninst.exe"="5/7/2021 9:04 AM, 47795 bytes, A
       Adds the file WirelessNetView.chm"="10/3/2017 1:44 PM, 17318 bytes, A
       Adds the file WirelessNetView.exe"="10/3/2017 1:44 PM, 58576 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft WirelessNetView
       Adds the file Uninstall.lnk"="5/7/2021 9:04 AM, 1078 bytes, A
       Adds the file WirelessNetView Help.lnk"="5/7/2021 9:04 AM, 1349 bytes, A
       Adds the file WirelessNetView.lnk"="5/7/2021 9:04 AM, 1349 bytes, A

Registry details [View: All details] (Selection)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NirSoft WirelessNetView]
       "DisplayName"="REG_SZ", "NirSoft WirelessNetView"
       "InstallLocation"="REG_EXPAND_SZ, "C:\Program Files (x86)\NirSoft\WirelessNetView"
       "UninstallString"="REG_EXPAND_SZ, ""C:\Program Files (x86)\NirSoft\WirelessNetView\uninst.exe""

Malwarebytes log:


-Log Details-
Scan Date: 5/7/21
Scan Time: 9:17 AM
Log File: 49c08f02-af04-11eb-ac6d-080027235d76.json

-Software Information-
Components Version: 1.0.1273
Update Package Version: 1.0.40194
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234154
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 2 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.WirelessNetworkTool, C:\PROGRAM FILES (X86)\NIRSOFT\WIRELESSNETVIEW\WIRELESSNETVIEW.EXE, Quarantined, 16830, 299476, , , , , 71BDA7EEA00C51262AE0533F4D5B9031, 637175BEDFE6852886341E15C4D48241D7A58083A45272DF0AAC35469C653F6F

Module: 1
PUP.Optional.WirelessNetworkTool, C:\PROGRAM FILES (X86)\NIRSOFT\WIRELESSNETVIEW\WIRELESSNETVIEW.EXE, Quarantined, 16830, 299476, , , , , 71BDA7EEA00C51262AE0533F4D5B9031, 637175BEDFE6852886341E15C4D48241D7A58083A45272DF0AAC35469C653F6F

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.WirelessNetworkTool, C:\PROGRAM FILES (X86)\NIRSOFT\WIRELESSNETVIEW\WIRELESSNETVIEW.EXE, Quarantined, 16830, 299476, 1.0.40194, , ame, , 71BDA7EEA00C51262AE0533F4D5B9031, 637175BEDFE6852886341E15C4D48241D7A58083A45272DF0AAC35469C653F6F
PUP.Optional.WirelessNetworkTool, C:\USERS\{username}\DESKTOP\WIRELESSNETVIEW_SETUP.EXE, Quarantined, 16830, 299476, 1.0.40194, , ame, , 6B9E4A1C4051BF002865CC24619F3695, 33679EF67FC0D30EE5462FE1A4F1401B6A822A355719BABB018A49B75EDBE764

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


As mentioned before the full version of Malwarebytes could have protected your computer against this potentially unwanted program.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.