Topic: Is this false positive on a game installer?


REDACTED

  • Guest
Is this false positive on a game installer?
« on: May 06, 2018, 08:14:48 PM »
I was invited to a closed beta for a game called Magic: The Gathering Arena. There is an installer provided that I have to download and install in order to play.
Right when I open it I get this:



The threat name is: IDP.Alexa.51 and a Google search comes up with results that indicate it is indeed a virus.

There have been very few people reporting that they get this virus so I am unsure if this is a false positive. But just to be sure I would like someone to look this over.
Also, if it makes any difference, the part that says: "We've blocked the threat pssB9CC.ps1 from harming your computer", every time I reopen the installer that bold part keeps changing name. If I move the virus to the virus chest I immediately get another 'threat blocked' message, same threat but different name in bold. The installer screen for the MTG Arena that you see before you is a loading screen and once I move the threat to the virus chest only then will it proceed to the next step.

Here is the installer in zip format. I tried to scan it but nothing comes up.
https://dailyuploads.net/6s4vfz2zrq0r

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Is this false positive on a game installer?
« Reply #1 on: May 06, 2018, 09:57:10 PM »
VT does not find anything wrong with it, so that threat should be either adware or a download with PUP.
Re: https://www.virustotal.com/#/url/15501db3af41a449b2eac82742a75fc39aa3eaacd579be61cd4e3eac5a8b9152/details

Again DrWeb here flagging this as a Dr.Web not recommended site.

See the DNS report for the Dutch Amsterdam download site: https://www.dns.computer/dns/dailyuploads.net/cdlbuq

The only one that flags downloads from here is Google Safebrowsing.

The PUP threat you mention is spying on cellphones.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: Is this false positive on a game installer?
« Reply #2 on: May 06, 2018, 10:24:27 PM »
Quote
The threat name is: IDP.Alexa.51 and a Google search comes up with results that indicate it is indeed a virus.
You can't search like that; a threat name will always give a malicious result.


Quote
Here is the installer in zip format. I tried to scan it but nothing comes up.
-https://dailyuploads.net/6s4vfz2zrq0r
Anyway, that download is also blocked by my F-Secure



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Is this false positive on a game installer?
« Reply #3 on: May 07, 2018, 12:42:10 AM »
Hi Pondus,

Thanks for the double check on this. LeaseWeb, the hoster of dailyuploads dot net in the Netherlands, is known for abuse issues; when both Google Safebrowsing and F-Secure block it, I would not go around such blocks. Various other files from dailyuploads dot net are being flagged at VT, so it is a known infection source or undesirables may come along on the back of these downloads (adware, crapware and worse).

polonus

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: Is this false positive on a game installer?
« Reply #4 on: May 11, 2018, 03:54:55 AM »
Hello.

I will not tell the right copies for some reason during installation and ends and repeats the same cycle, and no detection seen or found with the name of this file, the game does not play. You can restore the file to see if it still produces the suspicious behavior alert.