What is the appropriate course of action if you believe a manufacturer's driver contains a trojan or virus, beyond just contacting them?
Details
After my computer-savvy girlfriend got her first (known) virus (a trojan in this case), I went through her download history to try and find the source. Everything checked out clean except for a driver that she recently downloaded from what we believe is the manufacturer's web site of her VisTablet (the bottom link is the one we believe to contain a virus).
We're reformatting her hard drive, just to be safe, so I'm not worried about getting rid of the virus(es). I am, however, concerned that more people might fall victim to this and I am wondering what the best course of action is, beyond attempting to contact the (possibly shady--private whois, no identity in TLS certificate) owners of that web site.
Evidence
Here's a link to the specific file (WARNING: MAY CONTAIN VIRUS): (removed)
Here's an online scan I made of that file: http://virusscan.jotti.org/en/scanresult/6abbd6a44a0d99340fa54db610fe0977ed79a885/e6a4ec2444d0a9b3bd20786d7ecba8458b7d2c8a
Only one of the scanners found anything at all: Troj.Downloader.W32.Aphex.020
. I might chalk this up to a false positive, but it's the only lead I have and the timing is perfect. Shortly after she installed that file, two separate trojans were detected (albeit not the one found by that scanner). I'd be interested in hearing if it's possible to verify that the file really does contain a trojan or if it is just a false positive (perhaps a Windows VM with Wireshark?).