Survey says Probably Ardamax False Positive

Posted in Security, Video Games by wayne.porter on August 3rd, 2008

So here is the final (we think) wrap-up to the Wall-E spyware madness…

From Sandi’s blog:

Well, for what it’s worth, I haven’t been able to find anything nefarious in either the UK or USA targeted installers for the wall-e inspired game that Symantec detects as a keylogger.  Wayne reports that Sunbelt’s new VIPRE product has found nothing.  TrendMicro also does not detect a problem.

I have installed the US and UK versions of the software in a VM with Process Monitor running and did not see any sign of Ardamax being installed by the game demo.  I have not tracked down why there is a difference in file size.

There is a chance, of course, that the installers that I downloaded behave differently in a VM, and I don’t have a sacrificial box available for live testing at the moment, but be that as it may, until and unless I find evidence to the contrary, I am assuming that the Symantec alert is a false positive, hoping I don’t have to eat crow later.

 Timeless bangs away at the thing and updates his website and in the process rules out DNS poisoning.

Christopher Boyd a.k.a. paperghost weighs in at the SpywareGuide.com blog (with a nice wrap-up of events)…and comments that neither VIPRE nor VirusScan On Demand turned up anything odd…

The real mystery is the file size discrepancy: why is there one? Curious. All the people I spoke with tend to agree it is probably a false positive (still not 100% sure, since VMware was used), but what a nasty time to have one, during the launch of a major Disney movie… Let’s see what Symantec does…
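The file-size question is the kind of thing you settle by diffing the two installers rather than guessing. Below is an added example (mine, not code from the post or from anyone quoted in it) that hashes two builds and reports the byte ranges where they differ. The two "installers" are constructed byte strings, not the real game demo files, and the assumption that the larger build is the smaller one plus appended data is purely illustrative.

```python
import hashlib

# Constructed sample "installers": NOT the real Wall-E game demo files.
# Assumption (illustrative only): the UK build is the US build with
# extra bytes appended at the end.
US_INSTALLER = b"MZ" + b"\x90" * 60 + b"PE\x00\x00" + b"A" * 200
UK_INSTALLER = US_INSTALLER + b"LOCALE=en-GB" + b"\x00" * 52


def digest(data: bytes) -> str:
    """SHA-256 hex digest, the value you would compare against a vendor-published hash."""
    return hashlib.sha256(data).hexdigest()


def diff_regions(a: bytes, b: bytes):
    """Return (start, end) byte ranges where a and b differ.

    Ranges inside the common length are found byte by byte; if the files
    have different sizes, the trailing tail of the longer file is reported
    as one final range so appended data shows up as a single block.
    """
    regions = []
    n = min(len(a), len(b))
    start = None
    for i in range(n):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            regions.append((start, i))
            start = None
    if start is not None:
        regions.append((start, n))
    if len(a) != len(b):
        regions.append((n, max(len(a), len(b))))
    return regions


def compare(a: bytes, b: bytes) -> dict:
    """Summarise size, hash and structural difference between two builds."""
    common = min(len(a), len(b))
    return {
        "size_a": len(a),
        "size_b": len(b),
        "sha256_a": digest(a),
        "sha256_b": digest(b),
        # True means the shorter file is an exact prefix of the longer one,
        # i.e. the only difference is appended data (an "overlay").
        "identical_prefix": a[:common] == b[:common],
        "diff_regions": diff_regions(a, b),
        "tail": a[common:] or b[common:],
    }


def tampered_copy(data: bytes, offset: int, patch: bytes) -> bytes:
    """Constructed helper: overwrite bytes in place to simulate a modified build."""
    buf = bytearray(data)
    buf[offset:offset + len(patch)] = patch
    return bytes(buf)


if __name__ == "__main__":
    report = compare(US_INSTALLER, UK_INSTALLER)
    for key, value in report.items():
        print(f"{key}: {value!r}")
```

An otherwise identical prefix with an appended tail is consistent with an overlay (localised resources, a signature block, or bundled extras), whereas scattered mid-file differences point to a genuinely different build. Either way, the digest is what you check against the publisher's own hash before trusting a download, and that check does not depend on whether the file was run in a VM.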

ADDENDUM: It appears AVAST flags the file as well…

One Response to “Survey says Probably Ardamax False Positive”

  1. Timeless Prototype Says:

    Turns out AVAST also detects it.
    http://games.internode.on.net/forums/viewtopic.php?p=1844560
