There have been a number of forum posts regarding this, sorry to add one more. But things really look like a bit of a mess right now. Last night I tried downloading 2.5.8.0 from imgburn and two mirrors (softpedia and majorgeeks). As noted in
http://forum.imgburn.com/index.php?/topic/24647-download-from-imgburn-mirror-reported-infected-from-symantec/
the file size from imgburn.com alone is different. The file downloaded from imgburn is the only one to match the 2.5.8.0 checksums claimed by the imgburn site download info:
MD5: 0B4C94F8480F8CD13E160BCEAAAA8B29 SHA-1: 6FC013ED5944B13EFC54648699EA80F304E37AD0
However! This post (I believe from the imgburn author) in 2016
http://forum.imgburn.com/index.php?/topic/24395-md5-doesnt-match-any-downloadable-installers/?p=158913
says these are the valid 2.5.8.0 checksums:
MD5: 4BF2B8F4B46385BFDA4D65E423CFB868 SHA-1: 6A3D20796E1FCD4169D5D339AF6E491DCEA3367C
and in fact those are the checksums for the isos I downloaded from softpedia and majorgeeks.
This is worrisome, and feels a bunch like the imgburn master download site has itself been compromised.
Comments / clarification greatly appreciated! [As is making the imgburn program in the first place, great software, thanks!]
regards, Eric