« previous next »
Pages: [1]   Go Down

Author Topic: Is this file a virus?  (Read 8674 times)

0 Members and 1 Guest are viewing this topic.

January 31, 2008, 02:49:01 pm
Read 8674 times

Firexer

  • Newbie
  • Offline
  • *
  • 2
Is this file a virus?
Several days ago, I searched on Google for movies and linked to the following page.
Quote
hxxp://powerof3x.com/m6/movie1.php?id=4170
(Be careful if you want to visit this page.)
It prompted me to download a file and execute an ActiveX script.
I download the "setup.exe" file, and then forced to close my IE.
Unfortunately, I forgot this suspicious file in my hard disk. Today, I run the "setup.exe". This file disappeared immediate and nothing happened.
This rouses my conscious. Maybe this is a virus. But I have no way to find it. My kaspersky didn't detect anything.
I also find some information here: http://tacit.livejournal.com/226180.html about the "powerof3x" site.

I went back and downloaded the "setup.exe" and attached in this post.

I am not an expert, just search Google for "powerof3x", then find here, please help.


Logged
January 31, 2008, 05:54:54 pm
Reply #1

JohnC

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1964
Re: Is this file a virus?
The setup.exe from that website is malware. You can find help removing malware from one of these good websites: http://www.malwaredomainlist.com/forums/index.php?topic=40.0
Logged
January 31, 2008, 06:11:14 pm
Reply #2

Firexer

  • Newbie
  • Offline
  • *
  • 2
Re: Is this file a virus?
Thank you very much for your help.
I'll try those links.
Logged
February 01, 2008, 04:13:16 pm
Reply #3

sowhat-x

  • Guest
Re: Is this file a virus?
...self-deleting executable...hadn't came across such in a while:
JohnC,have you removed the attachment?

A very general comment...for all people that can't/don't want to manually analyse,
executables that are not sure what they do,how/when they got in their hard drive and similar...
They should ALWAYS submit at sites like VirusTotal/Jotti,in order to be on the safe side:
currently,this is by far the simplest way,to at least lower the possibilities of infection.
And still,even if multi-AV engine scanners like the above report... nada:
archiving of the files in question,and re-uploading a few days/weeks later...

Not relevant with the sample itself...just a very interested blog,
that came up exactly after googling for 'powerof3x' - by Gary Warner.
Quite a lot of malware addresses listed also ;-)
http://garwarner.blogspot.com/

...this story with iPower is really awesome:
has anyone read the rest of comments in tacit's journal above?
With such (no) action taken towards their infected pages,
they really deserve to be widely blacklisted... >:(
Logged
Pages: [1]   Go Up
« previous next »