No matter which download link I click on on this page, IMON pops us and says that the page has been blocked because it has a virus. If I shut IMON down and download the file (I know it is a dangerous practice), and right click scan it with AMON, AMON detects the file as a virus and deletes it.
I do not think that Magical Jelly Bean Keyfinder is a virus.

http://www.magicaljellybean.com/keyfinder.shtml

It's actually a rather handy tool that I've used before, no clue why.. FP?

It is no FP it is detected as Win32/PSWTool.RAS.A application.
A potentially dangerous application....

{QUOTE-> It is no FP it is detected as Win32/PSWTool.RAS.A application.
A potentially dangerous application.... <-QUOTE}
Yep, and if the Potentially dangerous applications option is unticked from IMON/AMON then it wont trigger an alert.

Thanks Lee. That was the problem. I had recently downloaded a new version of Nod32 and used the automatic setup with BS's setting. I had forgotten that potentially dangerous applications was checked. Unchecked it in IMON and AMON and was able to download the file. BTW, it must really have dangerous properties. Ewido didn't want to let it run either. :D

Anyone have a description to what dangerous attributes it actually has?

{QUOTE-> Thanks Lee. That was the problem. I had recently downloaded a new version of Nod32 and used the automatic setup with BS's setting. I had forgotten that potentially dangerous applications was checked. Unchecked it in IMON and AMON and was able to download the file. BTW, it must really have dangerous properties. Ewido didn't want to let it run either. :D <-QUOTE}
good stuff. it's best, or at least i'd rather, that it is flagged as a possible threat and then you can make your own mind up if you want to go ahead and use it.

cheers, lee

NOD detects it also on my PC, but I couldn't find any info about it. :(

{QUOTE-> NOD detects it also on my PC, but I couldn't find any info about it. :( <-QUOTE}

Yes, it detects it for me as well, but I've used it many times to get keys off and it's widely recommended, which is why I assumed it to be a FP.

Well, it's detected by KAV, Dr.Web and AntiVir also, so no FP I think. :)

Here's what Dr. Web has to say according to their Firefox extension:

I've scanned it on Jottis and the same result almost. ;D

It's fairly logical that it's labeled as a potentially dangerous program if you think about it. It could be used together with a trojan to retrieve/steal Windows cd-keys.

Had the same experience with Keyfinder this morning in the course of an In- Depth analysis scan which identified it as a Win32/PSWTool.RAS.A application (my first hit since using NOD). Although I have the Copy to Quarantine option selected there was no trace of the file in Quarantine nor was an Infected file created in the eset folder (the relevant Quarantine/Infected file entry in the Registry is in situ).

From this can I assume that NOD does not move potentially dangerous applications which it identifies, to Quarantine?

Any ideas anyone, please.

Have been using jellybena keyfinder for few years now and found out about NOD32 picking it up as a potentially dangeorus app a few weeks ago.
Should the use of it be stop all together or is it safe to use?

{QUOTE-> Have been using jellybena keyfinder for few years now and found out about NOD32 picking it up as a potentially dangeorus app a few weeks ago.
Should the use of it be stop all together or is it safe to use? <-QUOTE}I guess that is down to the user to decide. It is being identified as a 'POTENTIALLY dangerous application', keyword being potentially.

{QUOTE-> It's fairly logical that it's labeled as a potentially dangerous program if you think about it. It could be used together with a trojan to retrieve/steal Windows cd-keys. <-QUOTE}

Bingo! Or used just by itself. It's a tool to get serial-product install keys. Think about it! ;)

{QUOTE-> Bingo! Or used just by itself. It's a tool to get serial-product install keys. Think about it! ;) <-QUOTE}

If you know of one that does not contain a virus, please let me know. Windows product keys are encrypted, so when a customer has lost his or her key, it's the only way to use a program.

This also does the office series, like I said, rather nice.. too bad it's a virus :P

{QUOTE-> If you know of one that does not contain a virus, please let me know. Windows product keys are encrypted, so when a customer has lost his or her key, it's the only way to use a program.

This also does the office series, like I said, rather nice.. too bad it's a virus :P <-QUOTE}


It´s not actually a virus, it´s a POTENTIALLY dangerous application. Just imagine you have a company with a corporate windows serial. If it was not flagged any employee could use it to discover your company´s serial and then spread it however he saw fit.

In other words, it´s a tool that can be POTENTIALLY used to steal someone´s rightful property, more than enough reason to flag it as a dangerous application.

It does not mean, of course, it does not have LEGITIMATE uses, such as recovering someone´s lost serial number before reformatting the computer.

So if you have legitimate uses for it, go on and use it :)

{QUOTE-> If you know of one that does not contain a virus, please let me know. Windows product keys are encrypted, so when a customer has lost his or her key, it's the only way to use a program.

This also does the office series, like I said, rather nice.. too bad it's a virus :P <-QUOTE}

MagicJellyBean itself is not a virus...I'm not saying it's a virus. However...it's an application that has rather, well, "warez" types of uses. Similar to Kazaa or many of those peer to peer applications...ranted...there can be the rare occasional use that is legitimate, but more than oft...well, it's a tool used to "snag" serial-product install keys. A legitimate software owner would have that, on their CD case, or CD sleeve, or OEM sticker on their computer, or on a printed out e-mail from Microsoft Open Licensing, or...or...

Most businesses would not want someone tromping through their network using MagicJellyBean keyfinder.