Real threat or false positive?

after scanning my local drive with norton 360, malwarebytes, MRT, and Prevx 3.0,

ONLY Prevx identified "funshioninstall2.0.0.29beta.exe" (downloaded from funshion.com ) as a "Medium Risk Malware".

should i be concerned that it is a real malware? or is this a false positive?

(sorry for posting this so much i don't know where it goes under)

EDIT: ok so here's the scan log from Prevx 3.0




Prevx Scan Log - Version v3.0.5.50
Log Generated: 5/2/2010 09:59, Type: 0,1
Windows Vista Home Premium Service Pack 2 (Build 6002) 32bit|1033
Hostname: Laura-Laptop
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Thu 2010-02-04 18:28:24 Malay Peninsula Standard Time. Number of Scans: 18. Last Scan Duration: 11 seconds.
c:\users\hp\documents\funshioninstall2.0.0.29beta.exe [PX5: D95BFA4F8032110946EE3EBC37159F00C796261D] Malware Group: Medium Risk Malware
c:\users\hp\appdata\local\temp\idc2.tmp\esetsmartinstaller.exe [PX5: 55DCEDE9B89E059BC60B28F558D3F200E91255CE]
[G] c:\users\hp\appdata\local\temp\mpengine.dll [PX5: A5A4683D50CAB446FF534A1C8C998100147F70B9]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\acroform.api [PX5: 85713B076347D1CB5818848EA68AD10081B35FB6]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\annots.api [PX5: 977D2D4D632A22EBF0133E90489E7100C29D41B2]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\checkers.api [PX5: 1DA23B766366CBB9CC380C00D9DA8D0083001567]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\digsig.api [PX5: 96451BDD63ED7BD28AF811CC6180C80012291CE0]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\dva.api [PX5: CF8C8685639350CCE8A501C78E0EEC00D8972603]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\ebook.api [PX5: 08F5A46A630E7B98C88400FBD94321003DA193EC]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\escript.api [PX5: 6D277404631FB929A0EF1538CC31D200B97F36B5]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\ewh32.api [PX5: 01643ADA63E0ED85EC450168F37740000277C605]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\hls.api [PX5: 64E5397E6392E3FAC8CB00E1284D7F000640BCFA]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\ia32.api [PX5: F5CD2359633A03BB4A6D01D5015DC300F91E3ACA]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\imageviewer.api [PX5: FB81CE176346B3F122F307D430166C00565464B8]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\makeaccessible.api [PX5: 1212EDBD6371F2050C911F82431E0800409F620D]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\multimedia.api [PX5: C156BCDA637B83048E0B148B8BC49E00F9CCACFE]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\pddom.api [PX5: 1E18E20C6301EF26101C068B6D4CBD00B9DDBFFA]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\ppklite.api [PX5: 79BCD6E163A5EF9E264A5898FAC10C0013EF159E]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\readoutloud.api [PX5: 2EBDB16E63B7C630A02D01E7429B0B00E64C86A6]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\reflow.api [PX5: 6099E98463701FFF8A8D0589DF58AB00657EAB78]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\saveasrtf.api [PX5: 4A437003634ED92F967B045F61F0720051BC0C37]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\search.api [PX5: 9D0419C76310DA8C622405F7446BCE006A4883BA]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\search5.api [PX5: 17E305A9635073714E2F01AFF4C21C00BF9458B9]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\sendmail.api [PX5: 128AC56663F2B51EE6720183AAC2C000E5AAACDD]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\spelling.api [PX5: 774DC83B63D1960C18AA042B9D3B8300D3026D21]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\updater.api [PX5: F38F4C3D63D92E08860702D457276F0044688EFB]
[G] c:\program files\adobe\reader 8.0\reader\plug_ins\weblink.api [PX5: E78768DE63755C28CEEE022492A69C00CBF38439]
[G] c:\program files\adobe\reader 8.0\reader\cryptocme2.dll [PX5: F76819DC00C5883310E8067EA24A5200817BD6B4]
[G] c:\program files\adobe\reader 8.0\reader\ccme_base.dll [PX5: D752984600DFDFC340B707252C1A1900BA338606]
[G] c:\program files\adobe\reader 8.0\reader\adobelinguistic.dll [PX5: C7D63C6200D92F4F206507D3786F8A0087E1E5E9]
[G] c:\program files\adobe\reader 8.0\reader\adobeupdater.dll [PX5: D8D9E35378D1FFEEB1A507C20217D2007E14A855]
[G] c:\windows\system32\vdmdbg.dll [PX5: C3E08FF1009FFB0144CB00609249C00003CA5EB4]
[G] c:\program files\adobe\reader 8.0\reader\bibutils.dll [PX5: 96DE17E200C25AC252AE02C33C6D0700D2FB1CBF]
[G] c:\program files\eset\eset online scanner\onlinescanner.ocx [PX5: E90A101F4896CB413603336803AA3E00039AEFD0]


End of Prevx Scan Log - http://www.prevx.com




if anyone can read it, is there malware in the log?

and if there is, must i use special tools to remove the malware? or do i just delete it manually? or uninstall off from my computer?

and if tools are needed, any recommended ones?

 

That site is known to contain some malware. I suspect Prevx is right in that detection.

However, if you want to be doubly sure, you can submit a scan log by e-mail to report@prevxresearch.com after clicking on "Scan Now" on the front screen of Prevx and then saving the scan log by clicking on Tools/Save Scan Results.

 

ok, i added some extra information. can you read it and see if any of my extra info helps? thanks

 

The entry

is the one we're interested in. Only PrevxHelp might be able to confirm whether that file is definitely malware. This is why I suggested you send the log to the report@prevxresearch.com address.

 

Any site offering their own installer is suspect, as is the installer itself.

There is absolutely NO NEED to repack files distributed by other vendors. Main trick here is usually to get some form of adware in to the system ...

 

Indeed - we hadn't responded here because it appeared that this user got assistance from members of another forum, but this file is packaged with known adware. Prevx is probably one of the few vendors to find it because this is a new version of the program (v2 when previous versions were all in the range of v1.3/1.4) but our genetic analysis was able to track back this new version as being a derivative of the previous release and automatically condemn it as malicious.

 

...does this mean that the file i have on my computer is a real threat?

EDIT:

ok i uploaded the file on virustotal.com once today, and once a few days ago. a few days ago, virustotal listed that Prevx flagged it as a "medium risk malware" but today, Prevx doesn't flag it at all... ~ VirusTotal link removed per Policy ~ what's going on?

 

I'm going to be re-analyzing the download now - it's possible that they've disabled or removed the adware from the file, which is why we're no longer flagging it.

 

uhm, okay so please tell me after you finish re-analyzing it

 

It appears as if the adware from the older version is disabled, but the newest version from their website is detected by Prevx automatically.

 

GOD, I love it when a plan comes together!

 

...they put up a newer version?? ._.

 

...what do you mean "plan" ._.

 

yes, Funshion v2.1.0 Build16 Version

 

You must be to young to remember, "The A Team", huh? That's what the lead guy, George Peppard, said at the end of every episode when everything worked out to their satisfaction from fighting crime.

 

To fax:

oh? ok then i guess i shouldn't worry about it so much now XD but ya i should still remove it right O:

To PatG:

either i'm too young, or they never showed it in my region . A .

...and doesn't that phrase get irritaing after a while . A .