See: http://vscan.urlvoid.com/analysis/4bccced6bd281c2c12199aaa9e3b3702/cGxhbml0Z3JlZW4tZXhl/
Win32:Relevant-P found at htxp://www.dvdbackupexpress.com/gdownload/planitgreen.exe
genuine detection?
polonus
Well, I think that detection might be on an old VPS, as neither the web shield and file system shield nor ashquick detected anything, so it may be corrected in a later VPS.
http://anubis.iseclab.org/?action=result&task_id=1e31eb33807b9a3c44979d1710ff8f2d7&format=html
Hi DavidR,
Thanks for confirming, thought so after scanning the MD5 hash for this at https://vicheck.ca/md5query.php
Repository | Status | More Info
vicheck.ca | Not reported |
VirusTotal.com | 1/41 (2%) detected malware (we have questioned that one) |
ThreatExpert.com | New/Nothing Found | none
 | New/Nothing Found | none
polonus
ThreatExpert
http://www.threatexpert.com/report.aspx?md5=4bccced6bd281c2c12199aaa9e3b3702
The following files were created in the system: MD5 5AC09190DAF249C3E93C3AC961067024
http://www.threatexpert.com/threats/proxy-oss.html
http://www.virustotal.com/file-scan/report.html?id=f4934185f75518a13ef5425959f47516cc8467f513e838a82e749ffb782d7e23-1303059546
RelevantKnowledge Description
http://www.spywareremove.com/removeRelevantKnowledge.html
Sophos
Thank you for the sample. These files are a part of the “Plant it green” application. This application bundles the adware “Relevant knowledge” which we do detect. If you wish, the “Relevant knowledge” part can be authorized (via the quarantine or the Authorization section in the Sophos client or your anti-virus and HIPS policies in the Sophos management console).
The “Plant it green” application itself is not malicious.
Details from the labs:
planitgreen.exe: does not warrant a detection
rkverify.exe: we’ve created a new application control detection: App/RK-D (dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\rkverify.exe by planitgreen.exe)
_shfoldr.dll: clean (dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\_isetup\_shfoldr.dll by planitgreen.exe)
CSM2.tmp: we’ve created a new application control detection: App/RK-D (dropped to \Documents and Settings\support\Local Settings\Temp\CSM2.tmp by planitgreen.exe)
isxdl.dll: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\isxdl.dll by planitgreen.exe
worlddomination2_lrg1.bmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\worlddomination2_lrg1.bmp by planitgreen.exe
planitgreen_lrg1.bmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\planitgreen_lrg1.bmp by planitgreen.exe
habitatrescue_lrg1.bmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\habitatrescue_lrg1.bmp by planitgreen.exe
Games.inf: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\Games.inf by planitgreen.exe
auto.bmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\auto.bmp by planitgreen.exe
sample.tmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-TUKT8.tmp\sample.tmp by planitgreen.exe
_RegDLL.tmp: clean (dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\_isetup\_RegDLL.tmp by planitgreen.exe)