Malware Domain List
Malware Related => Malware Analysis => Topic started by: Firexer on January 31, 2008, 02:49:01 pm
-
Several days ago, I searched on Google for movies and linked to the following page.
hxxp://powerof3x.com/m6/movie1.php?id=4170
(Be careful if you want to visit this page.)
It prompted me to download a file and execute an ActiveX script.
I downloaded the "setup.exe" file, and then forced my IE to close.
Unfortunately, I forgot this suspicious file on my hard disk. Today, I ran the "setup.exe". The file disappeared immediately and nothing happened.
This roused my suspicion. Maybe this is a virus. But I have no way to find it. My Kaspersky didn't detect anything.
I also found some information here: http://tacit.livejournal.com/226180.html about the "powerof3x" site.
I went back and downloaded the "setup.exe" and attached it to this post.
I am not an expert; I just searched Google for "powerof3x" and then found this place. Please help.
-
The setup.exe from that website is malware. You can find help removing malware from one of these good websites: http://www.malwaredomainlist.com/forums/index.php?topic=40.0
-
Thank you very much for your help.
I'll try those links.
-
...self-deleting executable... hadn't come across such in a while:
JohnC, have you removed the attachment?
A very general comment... for all people that can't/don't want to manually analyse
executables that they are not sure what they do, how/when they got on their hard drive and similar...
They should ALWAYS submit at sites like VirusTotal/Jotti, in order to be on the safe side:
currently, this is by far the simplest way to at least lower the possibilities of infection.
And still, even if multi-AV engine scanners like the above report... nada:
archiving of the files in question, and re-uploading a few days/weeks later...
Not relevant to the sample itself... just a very interesting blog,
that came up exactly after googling for 'powerof3x' - by Gary Warner.
Quite a lot of malware addresses listed also ;-)
http://garwarner.blogspot.com/
...this story with iPower is really awesome:
has anyone read the rest of comments in tacit's journal above?
With such (no) action taken towards their infected pages,
they really deserve to be widely blacklisted... >:(