
Nirsoft.net's Mail passview utility - trojan or not?


thender...@nospam222.org

Sep 10, 2006, 10:45:35 PM
http://www.nirsoft.net/utils/mailpv.html

The author states that some programs detect a false trojan in it.
Avast certainly did.


9/10/2006 5:49:22 PM 1660 Sign of "Win32:MailPassView [Tool]" has been
found in "d:\mailpv.zip\mailpv.exe\[UPX]" file.


I submitted it to Virustotal. Kaspersky didn't find anything while
Bitdefender gave it an application rating.


> File: mailpv.exe
> Status: INFECTED/MALWARE (Note: this file has been scanned before.
> Therefore, this file's scan results will not be stored in the database)

> MD5 aeaf4c30722cc779448adf1831ec5790
> Packers detected: UPX
> Scanner results
> AntiVir Found SecurityPrivacyRisk/PSW.MailPass riskware
> ArcaVir Found nothing
> Avast Found Win32:MailPassView
> AVG Antivirus Found nothing
> BitDefender Found nothing
> ClamAV Found nothing
> Dr.Web Found Tool.PassView
> F-Prot Antivirus Found nothing
> Fortinet Found HackerTool/MailPassView
> Kaspersky Anti-Virus Found not-a-virus:PSWTool.Win32.MailPassView.130
> NOD32 Found Win32/RiskWare.PSWTool.MailPassView.136 application
> Norman Virus Control Found nothing
> UNA Found nothing
> VirusBuster Found nothing
> VBA32 Found nothing

Here's the Jotti scan:

> AntiVir Found SecurityPrivacyRisk/PSW.MailPass riskware
> ArcaVir Found nothing
> Avast Found Win32:MailPassView
> AVG Antivirus Found nothing
> BitDefender Found nothing
> ClamAV Found nothing
> Dr.Web Found Tool.PassView
> F-Prot Antivirus Found nothing
> Fortinet Found HackerTool/MailPassView
> Kaspersky Anti-Virus Found not-a-virus:PSWTool.Win32.MailPassView.130
> NOD32 Found Win32/RiskWare.PSWTool.MailPassView.136 application
> Norman Virus Control Found nothing
> UNA Found nothing
> VirusBuster Found nothing
> VBA32 Found nothing


Once again, several respected freeware sites recommend this program.

Siteadvisor gives it a trojan rating, yet the mods they list here make
the program look pretty benign. The internet leads to some great
research, but between this program and Ultimate Boot CD, it can leave one
in a quandary.

http://www.siteadvisor.com/sites/nirsoft.net/downloads/642095/

Any comments?


kurt wismer

Sep 11, 2006, 12:12:10 AM

thender...@nospam222.org wrote:
> http://www.nirsoft.net/utils/mailpv.html
>
> The author states that some programs detect a false trojan in it.
> Avast certainly did.
>
>
> 9/10/2006 5:49:22 PM 1660 Sign of "Win32:MailPassView [Tool]" has been
> found in "d:\mailpv.zip\mailpv.exe\[UPX]" file.

consider this - the program's name is mail passview and the malware
name is mailpassview... it doesn't sound like a false alarm at all...
it sounds like the anti-malware folks consider it malware and nirsoft
disagrees...

[snip]


> > MD5 aeaf4c30722cc779448adf1831ec5790
> > Packers detected: UPX
> > Scanner results
> > AntiVir Found SecurityPrivacyRisk/PSW.MailPass riskware
> > ArcaVir Found nothing
> > Avast Found Win32:MailPassView
> > AVG Antivirus Found nothing
> > BitDefender Found nothing
> > ClamAV Found nothing
> > Dr.Web Found Tool.PassView
> > F-Prot Antivirus Found nothing
> > Fortinet Found HackerTool/MailPassView
> > Kaspersky Anti-Virus Found not-a-virus:PSWTool.Win32.MailPassView.130
> > NOD32 Found Win32/RiskWare.PSWTool.MailPassView.136 application
> > Norman Virus Control Found nothing
> > UNA Found nothing
> > VirusBuster Found nothing
> > VBA32 Found nothing

i'm going out on a limb here - the tool is supposed to reveal passwords
(mail related passwords perhaps?)...

that means there's a good reason to consider it a password stealing
trojan...

consider what a trojan is
(http://anti-virus-rants.blogspot.com/2006/02/what-is-trojan.html) and
consider the context of its usage... if you're using it to reveal your
own password then there should be no problem, but if you happened to
stumble across it on your system and you didn't put it there then there
would most definitely be a problem... i don't think it's a false alarm,
but it does seem to be a good illustration of the problem of trojan
classification...

Kerry Brown

Sep 11, 2006, 1:15:53 AM
thender...@nospam222.org wrote:
> http://www.nirsoft.net/utils/mailpv.html
>
> The author states that some programs detect a false trojan in it.
> Avast certainly did.
>
>

I have been using various nirsoft utilities for years with no harmful
results. Mail PassView is a very useful utility. I often work on customers'
computers where they have no idea what the email password is. It was set up
years ago by a tech from their ISP. Mail PassView and other nirsoft
utilities have been used by trojans in the past causing several anti-virus
programs to flag them as potentially dangerous. They are legitimate tools
and not harmful if used with your knowledge. They can be very harmful if
used maliciously. They can be used to find web site passwords which may
include banking sites if the bank's security is lax. If you need to use one
of nirsoft's tools and your antivirus won't let you then turn off the
resident scanner while using the program. Make sure you turn it back on
after you have finished using the nirsoft tool. I keep them on a CD so I'm
not bothered every time I scan my computer.

--
Kerry Brown


KonradK

Sep 11, 2006, 4:20:59 AM
thender...@nospam222.org wrote:

> http://www.nirsoft.net/utils/mailpv.html
>
> The author states that some programs detect a false trojan in it.
> Avast certainly did.

Your antivirus warns you with message [TOOL]. This tool itself (and
alone) is very useful, but unfortunately can be attached as a part of
malware or other trojan horse. So if it was you who installed this tool,
everything is OK. If not, you should remove it.

Regards
Konrad

--
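As an added example (not part of any post in this thread), the scanner lines quoted above can be tallied to show how many engines use a tool/riskware category label and how many labels name the program itself, which is the distinction the replies draw. The marker and product-name substrings are assumptions chosen from the labels on this page, and the function names are hypothetical.

```python
import re
from collections import Counter

# Scanner lines copied from the VirusTotal report quoted in the thread.
REPORT = """\
> AntiVir Found SecurityPrivacyRisk/PSW.MailPass riskware
> ArcaVir Found nothing
> Avast Found Win32:MailPassView
> AVG Antivirus Found nothing
> BitDefender Found nothing
> ClamAV Found nothing
> Dr.Web Found Tool.PassView
> F-Prot Antivirus Found nothing
> Fortinet Found HackerTool/MailPassView
> Kaspersky Anti-Virus Found not-a-virus:PSWTool.Win32.MailPassView.130
> NOD32 Found Win32/RiskWare.PSWTool.MailPassView.136 application
> Norman Virus Control Found nothing
> UNA Found nothing
> VirusBuster Found nothing
> VBA32 Found nothing
"""

# Assumption: these substrings, all taken from the labels above, mark a
# "dual-use tool" category rather than self-acting malware.
TOOL_MARKERS = ("riskware", "not-a-virus", "tool")
# Assumption: fragments of the product name "Mail PassView".
PRODUCT_FRAGMENTS = ("mailpass", "passview")

def parse_report(text):
    """Return {engine: label or None} from 'Engine Found label' lines."""
    results = {}
    for line in text.splitlines():
        m = re.match(r"(.+?) Found (.+)$", line.lstrip("> ").strip())
        if m:
            results[m.group(1)] = None if m.group(2) == "nothing" else m.group(2)
    return results

def classify(label):
    """Bucket one label: clean, tool/riskware, or unqualified detection."""
    if label is None:
        return "clean"
    low = label.lower()
    return "tool/riskware" if any(t in low for t in TOOL_MARKERS) else "unqualified"

def names_product(label):
    """True when the label names the program itself (a deliberate signature)."""
    flat = re.sub(r"[^a-z]", "", label.lower())
    return any(f in flat for f in PRODUCT_FRAGMENTS)

def summarize(text):
    """Return (bucket counts, number of labels that name the product)."""
    results = parse_report(text)
    counts = Counter(classify(v) for v in results.values())
    return dict(counts), sum(1 for v in results.values() if v and names_product(v))
```

On this report every detection names the product, and all but one carries a tool or riskware qualifier, so the engines are flagging a known dual-use program by design rather than misfiring on it.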
