I’ve been having a problem with a Nirsoft utility called Remote Desktop Passview found here:
http://www.nirsoft.net/utils/remote_desktop_password.html
It’s included in his Nirsoft launcher which is an all-in-one program of all of Nirsoft’s Utilities. Malwarebytes issues a message once a day stating the program is trying to start which is strange because I’m not starting it. (A message on the Malwarebytes forum indicates that this is probably because of the Superfetch service in Windows 7). Malwarebytes won’t even let me check its properties without trying to quarantine the file as it issues a “password.tool” warning. Obviously, that’s what it is as Nirsoft has a host of password tools on his site. I’m just going to have to add it to the Malwarebytes ignore list.
What’s even more puzzling is that my desktop version of Avast 8 scans it and says it’s clean, but the Avast engine on Virustotal.com has the following scan result:
Win32:PSWtool-V [PUP]
However, the Avast engine on Jotti also says it’s clean!
http://virusscan.jotti.org/en/scanresult/70d0a7cc792ca2b982c0416e74aa87def9fd37d9
Many AV programs give the file it’s own password tool classification, while G-Data and F-Secure even have it classified as a Nirsoft app.
My current version is:
Avast v 8.0.1482
Engine & def v130305-1
Why does my desktop version of Avast reflect the file as clean while Virustotal’s version of Avast didn’t? The file can be download from the Nirsoft link above.
