cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

False positive detection on http://www.powerpackdl.com/powerpack-installed/

Hi,

When we install the setup file attached below, then we get a two blocking message by site advisor:

  1. http://www.powerpackdl.com/powerpack-installed/ is marked and blocked as suspicious site.
  2. http://www.wajam.com/signup is marked and blocked as dangerous site.

The following detection were detected by virus version 15.6 and definition update 6892.

Request you to please re-investigate this issue as this is hurting us a lot. The foloowing site have been checked and found clean on all the other antivirus.

Thanks

Sameer

4 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 5

Re: False positive detection on http://www.powerpackdl.com/powerpack-installed/

Okay, what's the exe.zip that you've attached? I'm not opening it until I know.

Highlighted

Re: False positive detection on http://www.powerpackdl.com/powerpack-installed/

Hi Hayton,

Its a software bundle. It provides users with a list of software to choose from, for easy installation.

The file has been scanned with almost all the antivirus and found clean. During installation it calls on http://www.powerpackdl.com/powerpack-installed/ which is being marked by siteadvisor. http://www.siteadvisor.com/sites/http%3A//www.powerpackdl.com/powerpack-installed/

Thanks

Sameer

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 5

Re: False positive detection on http://www.powerpackdl.com/powerpack-installed/

The powerpackdl site name keeps coming up in conjunction with assorted warnings. One of the checkers has it down as bundling Adware. I can't scan it with Sucuri because the site won't allow it. This is going to take too long and it's already nearly morning. I'm leaving this for tonight. It needs a deeper investigation than I've been able to do so far.

powerpackdl (1).png

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 5

Re: False positive detection on http://www.powerpackdl.com/powerpack-installed/

The zipped file contains one 56K file, "PowerPackWrapper-347-1.0.0.1040.exe" from Linkular LLC, which was scanned by McAfee and Malwarebytes and reported okay. When the file was uploaded to VirusTotal it was detected by ESET as Adware (Win32.Adware.Linkular.AC). Adware on a site might, perhaps, get that site a Yellow (Medium-Risk) rating.

powerpackdl.com has not been tested by SiteAdvisor and Trustedsource provides little information, perhaps because something blocks the tests (as with Sucuri). The site is hosted on Amazon AWS which may be relevant, since NetGuard has been blocking many Amazon IP addresses recently. The IP address for this site though is 107.23.104.22, which is not ine of the blocked ones. IPVoid scanned that address and reported no problems. However, URLVoid scanned the site and reported that Trend Micro identifies it as a Damgerous Site. Another checker confirmed the presence of Win32/Adware.Linkular.AD

As for wajam.com, the main site itself appears to be free of any malware although AVG reports 2 threats (Win/DH) on 2 pages on the site, and Lavasoft was flagging the site as malicious back in May. BitDefender also flagged the site last month.

However, on the main page the "Sign up without downloading" link is highly suspicious. It looks like this

wajam signup.JPG

but if you hover the mouse over the link the URL is in the form

dodgy url.JPG

Note that "?" - it seems to trigger warnings. The wajam-dot-com/signup is rated as a Malicious Site by TrustedSource.

There are a couple of hostile reviews of wajam.com on Norton SafeWeb and WOT referring to malware from wajam-dot-com. Nothing on SiteAdvisor.

ThreatExpert has an analysis of all the changes made to a PC by downloading from wajam :

http://www.threatexpert.com/report.aspx?md5=ef786f05934e18c66fa9528b56d2446b

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community