Yesterday, I downloaded and installed the VirusTotal uploader app from: http://www.virustotal.com/advanced.html#uploader The sha256 checksum of the VTUploader2.0Setup.exe is: f5b31335fefa7d46bab89c6985d7c097eaf8a6b29ac990b5bf63c75e0499a3b6 The sha256 checksum of the installed VirusTotalUpload2.exe is: 0c3bbca54c19d81a3df2229d09bff373b61f7ddb495ac6f247ba15b074b5fc63 It worked fine overall, even though Online Armor flagged it as a screen logger (and maybe keylogger too, I can't quite remember). I decided to trust it and let Online Armor allow its screen logging, as it didn't seem to work otherwise. So, after I allowed it, it seemed to work fine, and I used it to check and upload a bunch of files, which it did without a hitch. Today, however, when I tried to upload a file, Online Armor came up with a bunch of warnings that the VT uploader was trying to "modify trusted programs", and also that it wanted to terminate "verclsid.exe". See these screenshots: http://img842.imageshack.us/img842/9392/44682796.png http://img269.imageshack.us/img269/5853/47388025.png http://img64.imageshack.us/img64/7320/10818155.png http://img600.imageshack.us/img600/1687/35345481.png What's going on here? Why was it able to work just fine before and now it wants to do all of this really suspicious stuff?