[SOLVED] Is there really malware in this file?

I use a program called YTD Downloader. I have never had a problem with it. The other day I noticed there was an update for it on a reputable download site, so I started to download it and at the end of the download it was flagged by Avast. I tried to download it again from a different, reputable site, and again it was flagged. So I waited a day thinking it was just a false positive that would get “fixed” with the next virus-definitions update. So the next day I tried downloading it and again it was flagged. I’m having a hard time believing there’s malware in it. Does anyone here have any info on this?

And yes, I did submit this to Avast to be tested.

"So the next day I tried downloading it and again it was flagged"
some important info missing .... flagged as what?

Okay, sorry about that. I had to redownload it because I deleted everything. I got this message this time (I think the message was different yesterday):

FileRepMetagen [Adw]

But this time, it allowed the file through (the completed .exe file is on my drive) whereas yesterday and the day before it was blocked. So I right-clicked the file and did a scan and it came through clean, even though while downloading I got the message above. I also scanned it with Malwarebytes and that scanner detected “PUP: spigot,” which is not a big deal since I know to uncheck these things while installing a program.

Also, sorry about the initial duplicate posts. I was having trouble with my internet connection just now.

FileRepMetagen [Adw]: low reputation, few users (happens with new files) and seems to contain adware
does it come bundled with ads, toolbar,…

"Malwarebytes and that scanner detected 'PUP: spigot,'"
aha, so it comes bundled with some crap.... just google "spigot malware". PUP = not virus / Possible Unwanted Program

Malwarebytes PUP criteria https://www.malwarebytes.org/pup/

you can upload and test the file here www.virustotal.com / www.metascan-online.com / www.jotti.org
you may post link to scan result here

https://www.virustotal.com/en/file/e751ffc9052c6011b145d468291c7079e079a4455bf767f77070ccc374ffd0dd/analysis/
http://virusscan.jotti.org/nl/scanresult/a5b83c4d5d36f2202238e389e4903fa932aa88d4

On the VirusTotal link that Eddy gave, it says: "Avast Win32:Rootkit-gen [Rtk]"

That’s the message I got yesterday and the day before (I knew it was something different than what I got today).

So is this message a false positive? Since I didn’t get it today?

Read about the removal of that infection: http://spywareremovers.com/how-to-remove-adware-bguard

pol

maybe signature was changed? … Eddy's VT scan is 11 hours old, best to post fresh scan

Norman shark added signature as YTDSetup.exe: Spigot.A

I just went to that link again, and now it is saying that Avast says it’s clean (it has a green check-mark). It’s now just 6 minutes old.

Very common behavior for a false positive.

polonus

polonus wrote: "Very common behavior for a false positive"
So besides the PUP, which I know how to avoid, everything's okay, I assume? I'll mark this as solved then.

Hi toconvertvid,

We are happy when you are happy.
“SOLVED” is a good verdict.

polonus