A quick roundup of posts:
1) Security researcher Timeless Prototype downloads the Wall-E demo, only to find his antivirus software going crazy. It has detected Spyware.Ardakey.
2) Over at Spyware Sucks, Sandi Hardmeier decides to try downloading versions of the game from different regions, only to find the French, German ,Danish and Italian versions are all 177MB in size, whereas the US version is "only" 133MB. Furthermore, the 177MB versions all have different filenames. Note that (so far) it's the UK version (clocking in at 177MB) that has been snagged by an antivirus program. As Sandi notes, there is no way an extra 40-odd MB are needed for a keylogger, so why the extra filesize?
3) Wayne Porter contacted Cachefly (who manage the servers the game is downloading from), and they said this:
"I can confirm that our servers were not compromised, beyond that I can't offer much else.
Obviously we'd like to be as helpful as possible, but since it's related to customer data we're rather limited in what we can discuss. I've opened a ticket to make THQ aware of this, and we can/will work them on tracking stuff down if we need to (we do have a history of all versions of a file w/ filesizes/md5 checksums, and the dates/times/src ip of all revisions)."
The 177MB file is still available to download, I grabbed it a little earlier on today:
What we really need to know, is if this is anything to be worried about or not. I would have contacted THQ UK directly, but they don't seem to be available on a Sunday. Until this is resolved one way or another, I'd have to advise people not to download this demo as a precaution until THQ (or Norton, whose AV program flagged the file) have clarified exactly what is going on here. We're currently running some more antivirus / antispyware scans against the download in question, but as you can imagine, this takes some time. A particular problem here is that there are issues submitting a file like this to sites such as Virustotal.com, because of their 10MB file size limit.
Sorting this one out might take a while...
/ Update - some people are saying AVAST flags the file, too.