Who would you trust?

There is no shortage of stories about infected digital picture frames out there.  The SANS Internet Storm Center has had several posts on the subject.   When Santa brought my daughter a Sakar "Portable Digital Picture Frame"  I was sure to scan it with some antivirus software.   Sure enough, McAfee reports a Trojan exists in on the device.   I checked the Manufacturers  support page and found this note on the Product FAQ..

"Does my product have a virus?

No. It has come to our attention that some versions of McAfee Antivirus are warning users about a potential virus in one of our files. We have confirmed that this is a false positive. There is no virus and users can install and use their frame without any fear of a virus infection. To avoid any installation issues, we suggest McAfee be temporarily suspended during installation and use. Users of Symantec and other antivirus products are not affected."

Other antivirus products are not affected.  It must just be a McAfee issue right?   What does virustotal have to say?  18/38 (47.38%) of the virus scanners out there report it is a virus.

Norman Sandbox says ..

FEnCodeUnicode.dll : INFECTED with W32/Packed_Nspack.A (Signature: W32/Packed_Nspack.A)

So who do you believe?    Me?  I don't believe either of them.    I can either run the software on an isolated machine and looks for signs of malicious activity or return the product and buy one that doesn't require several hours of analysis before we can use it.     Hmm..