'Exact Audio Copy' detected as- variant of Win32/Adware.ADON

Why does NOD32 detect the installer (eac-0.99pb5.exe; MD5:b20c5add30b64f09fffacf010c4d3f15) of the latest version of 'Exact Audio Copy' (V0.99 prebeta 5) as a variant of Win32/Adware.ADON?

Snip: Link to adware removed. Marcos

 

The package contains the file ebayshortcuts.exe which is currently classified as adware but actually has a more trojan-like behavior as it doesn't inform the user about redirection to ebay through a 3rd party site.

 

Thanks Marcos.

 

Me again.

After finding out the installer for EAC(Exact Audio Copy) 0.99 prebeta 4 is also detected by NOD32 as a variant of Win32/Adware.ADON, I did some testing (using Sandboxie and CIS(COMODO Internet Security)'s D+).

[EAC 0.99 prebeta 4]
During installation, there's an option box for 'eBay Icon', which is pre-checked. If (and only if) user leaves this option checked, eBayShortcuts.exe is installed to the newly created directory of, "%APPDATA%\AD ON Multimedia\eBay Shortcuts\".

[EAC 0.99 prebeta 5]
During installation, there's an option box for 'eBay Icon', which is pre-checked. If (and only if) user leaves this option checked, eBayShortcuts.exe is installed to the newly created directory of, "%APPDATA%\Desktopicon\".

In conclusion, if the user un-checks the option box for 'eBay Icon' during installation, eBayShortcuts.exe isn't installed.

PS. I also tested EAC 0.99 prebeta 3's installer, and found it not to have this 'eBay Icon' (eBayShortcuts.exe). NOD32 (correctly) doesn't detect EAC 0.99 prebeta 3's installer as a positive.

 

Yes, you can disable protection for a while, install the program and evenually delete ebayshortcuts.exe after installation.

 

Thanks again, Marcos.

This part isn't needed, if...