We performed an independent test to see if this could be the result of pre-existing trojans or software threats on people's machines.
Our test setup:
We freshly installed Ubuntu and while we waited for that we downloaded the HiPiHi 40011 installer on a spare linux box and burned that to a rewritable CD to avoid potentially contaminating anything.
We loaded the HiPiHi installer, onto the fresh linux install, and unpacked it by the simple expedient of installing it using wine.
Once it was all installed, we checked it out with two virus scanners, which we freshly installed and updated: Clam Antivirus, and Grisoft's AVG (Free Edition).
- Clam Antivirus did not find any problems.
- AVG reported the trojan signature from the bifrost family, as the story originally reported.
This could still, honestly, be a false positive - in which case, we urge (and have urged) the HiPiHi people to get in touch with Grisoft to clear it up. The mention in the Wikipedia article casts some doubt on the matter.
"The uninstall routine of HIPIHI tends to be infected with a Trojan. With releases up to 30014 it was BDS/Bifrose.Gen from the Bifrost family. The new releases 40011 and 40012 feature the backdoor program Packed.64. The change indicates that the Trojan is deliberately inserted in the code." -- from Wikipedia.
Either the uninstaller is being routinely infected (we don't believe for a moment that that would be condoned or intended by the HiPiHi company), or AVG's scanner is a bit hypersensitive.
Until it is confirmed either way, you should exercise caution. The family of trojans that are claimed to be involved are quite rude strangers to have on your machine, and you want to avoid them. By all means, take a look at HiPiHi, but be careful.