I don’t know when the definitions changed for these 2 Nirsoft programs but Avast now says they are viruses.
They are Chromepass http://www.nirsoft.net/utils/chromepass.html and IE PassView http://www.nirsoft.net/utils/internet_explorer_password.html
I know these tools can be abused but they are also sometimes lifesavers. It is a royal pain to work around an AV alert that keeps trying to block them.
They weren’t blocked in the past. Can this be undone in an upcoming definition update?
What does the virus warning come up as? What kind of virus?
Go to the Expert Settings for the File System Shield, and click the Exclusions tab. Enter in the path for the files you want it to ignore, and you should be fine.
But of course, I’d recommend you are absolutely certain that the files you are excluding are completely safe.
2
The warning were:
chromepass.exe|>[UPX] [L] Win32:Malware-gen (0)
iepv.exe|>[UPX] [L] Win32:Trojan-gen (0)
I excluded them but since these are downloads, you have to disable the Web Shield scanner, then either exclude them from the download area or temporarily turn off the File System scanner and so forth. Just as unhandy as it could be.
re: their safety, I’m confident they are. Nirsoft does not release malware. As I mentioned, Nirsoft makes many tools (in this case, password recovery tools) that can abused. But they are like sharp knives. You can use a steak knife to eat your meal or you can use it to injure someone. But IMO, we shouldn’t ban sharp knives solely because they could be misused…
I recommend submitting them to VirusTotal and see what comes up, and then submit the files to Anubis.
Well once you have them downloaded, you can should be able to exclude them from the File System Shield, correct? While its a tad tedious, from that point on it shouldn’t cause any trouble.
I’m sure there would be some hits @ Virus Total. Several AVs have publicly said they will always show positive on some of Nirsoft’s tool even though they contain no malicious code. They do so to “remind” less enlightened users that some of these tools can be misused. And as I noted, I do not agree with this approach.
Hopefully, someone from Avast will check things out and give a response here…
I certainly agree with you that having an antivirus program mark a clean, albeit possible to misuse program as a virus isn’t the right thing to do. Though on a similar note, keygens tend to result in false positives, too.
Both are “generic” detections.
Generic Detections are a type of sophisticated detection used by antivirus programs to identify files with malicious characteristics.
Unlike more signature detection, a Generic Detection does not identify a unique or individual malicious program. Generic Detection looks for broadly applicable code or behavior that indicate a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds of malware.
Submitting these as FP would help speed things up. But the typical protocol says upload to VirusTotal first, you still have not done this.
I have submitted the files to Avast as false positives. I tried 1 of them @ Virus Total and as expected, many AVs detected it as either a password revealer or password hacking tool (30 out of 43.) But since this is a known issue with many AV makers (detecting tools such as this as malware when it’s technically not), this result cannot be depended on as determination if the file is truly malicious or not.
I had this with SuperKeys: Avast and some malware programs picked up the DLLs as keyloggers, which of course they are. It’s simply a matter of the DLLs being used in some malware, but anything can be misused.
To be on the safe side, I’ve blocked the DLLs and the .exe in the firewall - I hope that works.
@ HA Nut
Go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.
Got the reply early this morning. The files are not malware but will continue to be flagged as such because of the nature of the type of tools they are.
Oh well, I tried! 
I appreciate the fact that I received a prompt reply.
Hello,
detection will be fixed (changed to PUP).
Best regards,
Milos
Thank you very much!!! ;D
This will allow me to deal with it a bit differently than calling it a virus.