Topic: Is this file a virus? (Read 6243 times)

January 31, 2008, 02:49:01 pm

Firexer

Several days ago, I searched on Google for movies and linked to the following page.
Quote
hxxp://powerof3x.com/m6/movie1.php?id=4170
(Be careful if you want to visit this page.)
It prompted me to download a file and execute an ActiveX script.
I downloaded the "setup.exe" file, and then forced my IE to close.
Unfortunately, I forgot about this suspicious file on my hard disk. Today, I ran the "setup.exe". The file disappeared immediately and nothing happened.
This rouses my consciousness. Maybe this is a virus. But I have no way to find it. My Kaspersky didn't detect anything.
I also found some information here: http://tacit.livejournal.com/226180.html about the "powerof3x" site.

I went back and downloaded the "setup.exe" and attached it to this post.

I am not an expert; I just searched Google for "powerof3x" and found this place. Please help.



January 31, 2008, 05:54:54 pm
Reply #1

JohnC

The setup.exe from that website is malware. You can find help removing malware from one of these good websites: http://www.malwaredomainlist.com/forums/index.php?topic=40.0

January 31, 2008, 06:11:14 pm
Reply #2

Firexer

Thank you very much for your help.
I'll try those links.

February 01, 2008, 04:13:16 pm
Reply #3

sowhat-x

...self-deleting executable...hadn't come across such in a while:
JohnC, have you removed the attachment?

A very general comment...for all people that can't/don't want to manually analyse
executables that they are not sure what they do, how/when they got on their hard drive and similar...
They should ALWAYS submit at sites like VirusTotal/Jotti, in order to be on the safe side:
currently, this is by far the simplest way to at least lower the possibilities of infection.
And still, even if multi-AV engine scanners like the above report... nada:
archiving of the files in question, and re-uploading a few days/weeks later...

Not relevant to the sample itself...just a very interesting blog
that came up exactly after googling for 'powerof3x' - by Gary Warner.
Quite a lot of malware addresses listed also ;-)
http://garwarner.blogspot.com/

...this story with iPower is really awesome:
has anyone read the rest of the comments in tacit's journal above?
With such (no) action taken towards their infected pages,
they really deserve to be widely blacklisted... >:(