Solved Why is old software detected as a virus or a pup?

groze



I'll let the mod decide if this needs to move to the chill out room.

I have some old software on a USB that causes MSE to go off.

Here is a list of the tools.

PSPV.EXE (The owner of this program complained to Microsoft & other virus providers; it is for XP though. It is a good program if you forgot your password.)

FIREHOLE.EXE (Got it from the Gibson Research Corporation; it is for XP though)
WFPS10.EXE (Got it from the Gibson Research Corporation; it is for XP though, and it is not a key generator)



At least I know they're false positives. I wonder why they go off. I am sure they know about their tweaking tools. Shouldn't this be changed to something like an advisory that these tools are for early operating systems? Have there been copycats made of those tools that are real viruses? I have to disable MSE if I want to copy this to another USB drive.

Why do I still have the tools? My old computer has 98SE & XP SP3 on it.
 
Often programs will be flagged as PUPs based on the way they work. Programs that access Windows in such a way as to mimic the way viruses work can and will be flagged. They could also be flagged as viruses, or trojans. But since yours are flagged as PUPs, the AV is only saying they are POTENTIALLY unwanted programs. It is not only old software that can be flagged. Things like WebBrowserPassView, or ProduKey can be flagged. The AV program is not saying those programs are bad by identity, just by behavior. You should be able to whitelist them in your security programs.

A Guy
 

Malware has become highly sophisticated in recent years and a large part of this is avoiding detection, even by the very best AV products with the latest definitions. More tricks are being devised all the time to evade AV detection. A modern trick is for malicious software to have many variations, just different enough to fool the AV software. AV software capable of detecting such malware must be very complex and it is inevitable that mistakes will be made. Some malware will get through and some legitimate software will be falsely detected.

Have there been copycats made of those tools that are real viruses?
Probably.

AV software has no inbuilt knowledge of legitimate software. This would be very difficult to provide and could be exploited by malicious software.

And as "A Guy" has pointed out, some legitimate software is flagged because of its potentially malicious behavior.

Far better to falsely report some legitimate software as malicious than let dangerous software through. Security always has its price.

The providers of AV software are well aware of the potential for false detection. That is why they provide a means whereby the user can mark files as legitimate.
 

MSE detects PUP

I don't know about MSE PUP detections but Malwarebytes lists the following criteria for deciding if a program is a Potentially Unwanted Program:

Malwarebytes | PUP Reconsideration Information & Request Form

So if your software is doing anything contained in that list maybe that's why MSE flags it up.
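
The trade-off described in the replies above, as a toy model (an added example, not code from any poster and not how MSE or any other AV product is implemented): matching by identity (hash) misses a file that differs by one byte, while scoring by behaviour flags a legitimate tool that shares a trait, and a per-file allowlist covers only the exact copy the user marked. The trait markers, weights, threshold and sample bytes are all constructed for illustration.

```python
import hashlib

# Constructed markers standing in for behaviour traits (not real API names).
TRAIT_WEIGHTS = {b"READ_STORED_PASSWORDS": 60, b"PATCH_SYSTEM_FILES": 50}
PUP_THRESHOLD = 50  # assumed cut-off for "potentially unwanted"


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def scan(data, known_bad_hashes, user_allowlist=frozenset()):
    """Classify one file's bytes as 'malware', 'pup' or 'clean' (toy model)."""
    digest = sha256(data)
    if digest in known_bad_hashes:
        return "malware"   # detection by identity: exact known sample
    if digest in user_allowlist:
        return "clean"     # the user marked this exact file as legitimate
    # Detection by behaviour: score the traits the file exhibits.
    score = sum(w for trait, w in TRAIT_WEIGHTS.items() if trait in data)
    return "pup" if score >= PUP_THRESHOLD else "clean"


# Constructed sample "files".
KNOWN_SAMPLE = b"sample-A|READ_STORED_PASSWORDS|upload"
VARIANT = KNOWN_SAMPLE + b"\x00"  # differs by one byte, so the hash differs
RECOVERY_TOOL = b"recovery-tool|READ_STORED_PASSWORDS|show-on-screen"
COPYCAT = RECOVERY_TOOL + b"|extra"  # modified copy of the legitimate tool
TEXT_EDITOR = b"plain-editor|open|save"


def demo():
    bad = {sha256(KNOWN_SAMPLE)}
    allow = {sha256(RECOVERY_TOOL)}
    return {
        "known sample": scan(KNOWN_SAMPLE, bad),
        "variant of known sample": scan(VARIANT, bad),
        "recovery tool": scan(RECOVERY_TOOL, bad),
        "recovery tool, allowlisted": scan(RECOVERY_TOOL, bad, allow),
        "copycat of allowlisted tool": scan(COPYCAT, bad, allow),
        "text editor": scan(TEXT_EDITOR, bad),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:30} {verdict}")
```

In this model the variant is no longer recognised by identity and is caught only by the behaviour score, which is the same rule that flags the legitimate recovery tool.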
 
