Avast only one to detect...

See: http://vscan.urlvoid.com/analysis/4bccced6bd281c2c12199aaa9e3b3702/cGxhbml0Z3JlZW4tZXhl/

and http://www.virustotal.com/file-scan/report.html?id=ee2be4333e7ed9f52731c4d9f1fe09db9f77ad280fa12dabb16136fc46220e35-1303415438

Win32:Relevant-P found at htxp://www.dvdbackupexpress.com/gdownload/planitgreen.exe

Genuine detection?

polonus

Well, I think that detection might be on an old VPS, as neither the web shield and file system shield nor ashquick detected anything, so it may be corrected in a later VPS.

http://anubis.iseclab.org/?action=result&task_id=1e31eb33807b9a3c44979d1710ff8f2d7&format=html

Hi DavidR,

Thanks for confirming, thought so after scanning the MD5 hash for this at https://vicheck.ca/md5query.php

Repository | Status | More Info
vicheck.ca | Not reported |
VirusTotal.com | 1/41 (2%) detected malware (we have questioned that one) |
ThreatExpert.com | New/Nothing Found | none
Team-CYMRU.org | New/Nothing Found | none

polonus

ThreatExpert
http://www.threatexpert.com/report.aspx?md5=4bccced6bd281c2c12199aaa9e3b3702

The following files were created in the system: MD5 5AC09190DAF249C3E93C3AC961067024
http://www.threatexpert.com/threats/proxy-oss.html
http://www.virustotal.com/file-scan/report.html?id=f4934185f75518a13ef5425959f47516cc8467f513e838a82e749ffb782d7e23-1303059546

RelevantKnowledge Description
http://www.spywareremove.com/removeRelevantKnowledge.html

Sophos

Thank you for the sample.

These files are a part of the “Plant it green” application. This application bundles the adware “Relevant knowledge” which we do detect. If you wish, the “Relevant knowledge” part can be authorized (via the quarantine or the Authorization section in the Sophos client or your anti-virus and HIPS policies in the Sophos management console).

The “Plant it green” application itself is not malicious.

Details from the labs:

planitgreen.exe: does not warrant a detection

rkverify.exe: we’ve created a new application control detection: App/RK-D (dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\rkverify.exe by planitgreen.exe)

_shfoldr.dll: clean (dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\_isetup\_shfoldr.dll by planitgreen.exe)

CSM2.tmp: we’ve created a new application control detection: App/RK-D (dropped to \Documents and Settings\support\Local Settings\Temp\CSM2.tmp by planitgreen.exe)

isxdl.dll: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\isxdl.dll by planitgreen.exe

worlddomination2_lrg1.bmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\worlddomination2_lrg1.bmp by planitgreen.exe

planitgreen_lrg1.bmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\planitgreen_lrg1.bmp by planitgreen.exe

habitatrescue_lrg1.bmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\habitatrescue_lrg1.bmp by planitgreen.exe

Games.inf: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\Games.inf by planitgreen.exe

auto.bmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\auto.bmp by planitgreen.exe

sample.tmp: dropped to \Documents and Settings\support\Local Settings\Temp\is-TUKT8.tmp\sample.tmp by planitgreen.exe

_RegDLL.tmp: clean (dropped to \Documents and Settings\support\Local Settings\Temp\is-V4IDM.tmp\_isetup\_RegDLL.tmp by planitgreen.exe)