Mac MakeUp 1.95d

[CJT]

So... my Avast Free decided this is now a virus and slammed it in the virus chest immediately. I've had this program for months, years even. It's a utility with which one can change the MAC address. The virus name just reads "Win32Malware-gen". Virus definitions are the latest at the moment. And... it just decided it's a virus now. I used the program a few hours ago, and then it was all ok. Automatic updates are off, so the virus defs could have not updated at that time. Although, Avast has warned me before about Mac MakeUp, labeling it as "potentially unwanted program".

The key exe-file of that program didn't get suddenly infected on my end because I tried downloading it again from various sites, and Avast webshield picks up "the threat" again and chests it immediately. I'm hesitant to put a link here, but if you google "mac makeup 1.95d", you'll surely find it quickly.

So is it really a threat? If so, what exactly IS the threat?

[Pondus]

upload the file(s) to www.virustotal.com and test them with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here

[Pondus]

done it for you, and ....ops....many scanners that don`t like this....

VirusTotal - MacMakeUp.exe - 18/43
http://www.virustotal.com/file-scan/report.html?id=db4006b42302ab5beaa92fa90b9536ca3020f652f7b3f08359ee2a24632f3918-1285839490

[Pondus]

Norman say

Hi,
This is a generic detection of the packer used. This packer more or less only used by malware and we flag this packer as a "Security risk"

[CJT]

Thanks, Pondus.

And holy christ. That's amazing in two ways. Many of those programs say it's malware, which I find very surprising, but all the big names - AntiVir, Bitdefender, F-Secure, Kaspersky, McAfee, Microsoft, NOD32, Panda, Symantec, Trendmicro - they all listed it harmless. Not to mention, Softpedia claims it's 100% spyware free and whatnot.