PassView False positive?

The utility program offered here:

http://www.nirsoft.net/utils/pspv.html

is reported by NOD32 as infected with Win32/PassDump.160. That web site says their utility generates false positives on some av scanners.

So is this a false or real positive? In the future, how can I answer such questions myself?

 

Re: False positive?

Send it to samples[at]eset.com and wait a few days. If nothing comes up, it's quite clean of any nasties.

 

Re: False positive?

I'd say it's a potentially dangerous application and is detected intentionally.

 

Re: False positive?

well, perhaps it can be used by some hackers as an exploit or seomthing, isn't it?

 

It's included in some worms and dropped to gain access to password.
Dumaru Worm for example.

 

So programs from there are actually nothing to worry about(that is, if you download it on purpose and not by some worm/trojan)?

 

Re: False positive?

That would be ok, but again, there is no option to avoid denial of access, except excluding the filename or some folder.

That is dangerous! If evil person knows what filename you are potentially going to exclude, it is no problem to plant something on your computer.

Or, are you saying that you have the authority to forbid usage of that program?

 

I have the same problem

sorry
but, this the most stupid discussion I've ever heard...!!!

the fact that this program is potentially dangerous, is not very important, and i'ts (potential) use by other virus, has to be proved...

this program is very useful, and I use it with all my customers ( because people never forget their password)

I will have to change nod32 with an other antivirus, because of that !!!

I work in computers since "sinclair Zx81", and that's the kind of things I'm fighting against, without success, for years...

advice: try Sigmund Freud , obessionnals...ans you will understand.

 

As Happy Bytes, who is a virus analyst by the way, already said:
"It's included in some worms and dropped to gain access to password.
Dumaru Worm for example."

I'm sure if you think about it that you understand it will fit under the "Potentially dangerous application" category? But if you have trouble with password-revealers, keyloggers/monitoring applications, process killers/viewers etc (which have also been used in worms and trojans) being detected by NOD32, feel free to disable the detection of such:
AMON --> Setup --> Options , then untick "Potentially dangerous applications"
IMON --> Setup --> Miscellaneous --> Setup , then untick "Potentially dangerous applications"
(and do this for the rest of the modules and the on-demand scanner)

There's no need to switch scanner if you are just willing to sacrifice a little time fine-tuning your settings. You can even exclude the file from AMON if you want (AMON --> Setup --> Exclusions)

 

Indeed current version is correctly detected as 'Win32/PassView.163 application'

If I didn't intentionally install it on my PC then I would want to know it was there... and so would my customers...

Nice utility.

Cheers

 

If you look at a Virustotal result page with the .zip file, you will find that NOD32 isn't the only one that picks up this program as a potentially dangerous app. Also, since it is not listed, Symantec 10.1 picks up the app as a HackTool as well.

So saying NOD32 is picking this up as a FP is decidedly an incorrect statement.

-Cov

 

What's interesting to me about that screenshot is that VirusTotal appears to have truncated what NOD32 calls this utility as was posted above 'Win32/PassView.163 application'
Still, that's only academic i guess...