Nirsoft.net's Mail passview utility - trojan or not?

  • Thread starter Thread starter thenderson32102
  • Start date Start date
T

thenderson32102

http://www.nirsoft.net/utils/mailpv.html

The author states that some programs detect a false trojan in it.
Avast certainly did.


9/10/2006 5:49:22 PM 1660 Sign of "Win32:MailPassView [Tool]" has been
found in "d:\mailpv.zip\mailpv.exe\[UPX]" file.


I submitted it to Virustotal. Kaspersky didn't find anything while
Bitdefender gave it an application rating.



File: mailpv.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before.
Therefore, this file's scan results will not be stored in the database)
MD5 aeaf4c30722cc779448adf1831ec5790
Packers detected: UPX
Scanner results
AntiVir Found SecurityPrivacyRisk/PSW.MailPass riskware
ArcaVir Found nothing
Avast Found Win32:MailPassView
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Tool.PassView
F-Prot Antivirus Found nothing
Fortinet Found HackerTool/MailPassView
Kaspersky Anti-Virus Found not-a-virus:PSWTool.Win32.MailPassView.130
NOD32 Found Win32/RiskWare.PSWTool.MailPassView.136 application
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing









Here's the Jotti scan:




AntiVir Found SecurityPrivacyRisk/PSW.MailPass riskware
ArcaVir Found nothing
Avast Found Win32:MailPassView
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Tool.PassView
F-Prot Antivirus Found nothing
Fortinet Found HackerTool/MailPassView
Kaspersky Anti-Virus Found not-a-virus:PSWTool.Win32.MailPassView.130
NOD32 Found Win32/RiskWare.PSWTool.MailPassView.136 application
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing




Once again, several respected freeware sites recommend this program.

Siteadvisor gives it a trojan rating, yet the mods they list here make
the program look pretty benign. The internet leads to some great
research, but between this program and Ultimate Boot CD, it can leave one
in a quandry.

http://www.siteadvisor.com/sites/nirsoft.net/downloads/642095/

Any comments?
 
http://www.nirsoft.net/utils/mailpv.html

The author states that some programs detect a false trojan in it.
Avast certainly did.


9/10/2006 5:49:22 PM 1660 Sign of "Win32:MailPassView [Tool]" has been
found in "d:\mailpv.zip\mailpv.exe\[UPX]" file.

consider this - the program's name is mail passview and the malware
name is mailpassview... it doesn't sound like a false alarm at all...
it sounds like the anti-malware folks consider it malware and nirsoft
disagrees...

[snip]
i'm going out on a limb here - the tool is supposed to reveal passwords
(mail related passwords perhaps?)...

that means there's a good reason to consider it a password stealing
trojan...

consider what a trojan is
(http://anti-virus-rants.blogspot.com/2006/02/what-is-trojan.html) and
consider the context of it's usage... if you're using it to reveal your
own password then there should be no problem, but if you happened to
stumble across it on your system and you didn't put it there then there
would most definitely be a problem... i don't think it's a false alarm,
but it does seem to be a good illustration of the problem of trojan
classification...
 
http://www.nirsoft.net/utils/mailpv.html

The author states that some programs detect a false trojan in it.
Avast certainly did.

I have been using various nirsoft utilities for years with no harmful
results. Mail PassView is a very useful utility. I often work on customer's
computers where they have no idea what the email password is. It was set up
years ago by a tech from their ISP. Mail PassView and other nirsoft
utilities have been used by trojans in the past causing several anti-virus
programs to flag them as potentially dangerous. They are legitimate tools
and not harmful if used with your knowledge. They can be very harmful if
used maliciously. They can be used to find web site passwords which may
include banking sites if the bank's security is lax. If you need to use one
of nirsoft's tools and your antivirus won't let you then turn off the
resident scanner while using the program. Make sure you turn it back on
after you have finished using the nirsoft tool. I keep them on a CD so I'm
not bothered every time I scan my computer.
 
http://www.nirsoft.net/utils/mailpv.html

The author states that some programs detect a false trojan in it.
Avast certainly did.

Your antivirus warns you with message [TOOL]. This tool itself (and
alone) is very useful, but unfortunately can be attached as a part of
malware or other trojan horse. So if it was you installed this tool
everyting is OK. If not you should remove it.

Regards
Konrad

--
 
Man! The logic here is flawed...

If a program does EXACTLY what it says it does... it is NOT a PUP or a Virus.
With the logic in these threads... we better remove Right Click DELETE from the windows file manager because Ooooo.... it could be used for bad bad things!

I have always liked AVAST, but I am beginning to think IT IS THE BIGGEST TROJAN on my machine.
Its in your face, its reporting back to the mother alien ship... and I strongly suspect it is being use to eliminate any competition. Make something that competes with a big software company and I am willing to bet its a PUP.
Should be called Potentially Unwanted Competition... a PUC... which is what these bastards are really up to.

Other day flipping Firefox starts telling me that Kick Ass Torrents is a PUP... yeah right!
So I get cheesed off and decide to dump the browser... I find another called the Torch Browser where some geeks have taken the Chrome Code and opened it up so it can download anything... rated as number 5 in browsers by some reviews... so I go there... Chrome says... DANGER DANGER... its a PUC... we don't want competition!
As does Chrome... no surprise there!

These big software companies are turning the internet into a closed whore house... its disgusting how low they will go.

So wake up and smell the roses... its dirt politics now... time for new browsers an new anti virus software... these are now CONTAMINATED.
 
Back
Top