Unclassified Malware[at]8360451

CAV is reporting C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe as unclassified malware. I think this is a false positive since the files in SWSETUP come with HP computers. No other scanners such as Malwarebytes or SuperAntiSpyware detect this file as a threat. Norton 2009 did not either.

I’m using CIS 3.8.65951.477 with database 1147 on XP Media Center Edition SP3

Hi Dch48,

We are going to have a look at it.
We will get back to you after investigation.

-Chandra Mohan

I appear to have a related problem. I also am using CIS 3.8.65951.477 but with database 1149.


Today: Monday, 2009, May 4


HP Pavilion dv7-1243d
Windows Vista Home Premium


Heur.Packed.Unknown C:\SwSetup\MSDVD\Data1.cab:_E96E9B9D25DEBAD8DAE4E6EAD0944D05
Heur.Packed.Unknown C:\SwSetup\MSDVD\Data1.cab:_08A14B7BCA584194BEBD4DF76D784491
Heur.Packed.Unknown C:\SwSetup\MSDVD\Data1.cab:_E178A527178641C29E549470BFC1B08D
Heur.Pck.RLPack C:\SwSetup\MSDVD\Data1.cab:_9F24A3C8D76E4653BC0549D285EDE783
Heur.Pck.RLPack C:\SwSetup\MSDVD\Data1.cab:_A54E795D57654041918510582CD0A8AF
Heur.Pck.RLPack C:\SwSetup\MSDVD\Data1.cab:_AFA8AD080C8044248943B51909200CBE
Heur.Pck.RLPack C:\SwSetup\MSDVD\Data1.cab:_152CAF6665074E3FB6A75941644A7A9C
Heur.Pck.RLPack C:\SwSetup\MSDVD\Data1.cab:_E51D107C6EDA43EFBB3F083BFAB4CC71
Heur.Packed.Unknown C:\SwSetup\MSDVD\Data1.cab:_9FF6596EFE40400EAA5B4F45F393CDF1
Heur.Packed.Unknown C:\SwSetup\MSDVD\Data1.cab:_EC7FA41FD4F64E22A95020BB84EAE66C
Heur.Packed.Unknown C:\SwSetup\MSDVD\Data1.cab:_E40C7EC5088740D0A4BD9EF706FECEBB
Heur.Packed.Unknown C:\SwSetup\MSDVD\Data1.cab:_F096ACEF6FB349048640C481BEDA2007


Hi JamesOnTheWay,

Please submit mentioned samples to the forum
For more info on submission of files, please check this link

-Chandra Mohan

upload the files to http://www.virustotal.com and see what other av says

edit: can’t spell :smiley:

The link is wrong-you left out the u in virus it should be http://www.virustotal.com

With the latest CAV database, the file I submitted is now classified as --Application.W32.AdWare.Digstream.g@8360451.
I guess this means it does contain some form of adware and/or spyware. Virustotal only reports it being detected by 4 or 5 of the other antivirus scanners, most of which I have never heard of. The major ones are still not detecting it as a threat.