When we install the setup file attached below, we get two blocking messages from SiteAdvisor:
The following detections were detected by virus version 15.6 and definition update 6892.
Request you to please re-investigate this issue as this is hurting us a lot. The following sites have been checked and found clean on all the other antivirus.
Okay, what's the exe.zip that you've attached? I'm not opening it until I know.
It's a software bundle. It provides users with a list of software to choose from, for easy installation.
The file has been scanned with almost all the antivirus and found clean. During installation it calls on http://www.powerpackdl.com/powerpack-installed/ which is being marked by SiteAdvisor. http://www.siteadvisor.com/sites/http%3A//www.powerpackdl.com/powerpack-installed/
The powerpackdl site name keeps coming up in conjunction with assorted warnings. One of the checkers has it down as bundling Adware. I can't scan it with Sucuri because the site won't allow it. This is going to take too long and it's already nearly morning. I'm leaving this for tonight. It needs a deeper investigation than I've been able to do so far.
The zipped file contains one 56K file, "PowerPackWrapper-347-22.214.171.1240.exe" from Linkular LLC, which was scanned by McAfee and Malwarebytes and reported okay. When the file was uploaded to VirusTotal it was detected by ESET as Adware (Win32.Adware.Linkular.AC). Adware on a site might, perhaps, get that site a Yellow (Medium-Risk) rating.
powerpackdl.com has not been tested by SiteAdvisor and TrustedSource provides little information, perhaps because something blocks the tests (as with Sucuri). The site is hosted on Amazon AWS, which may be relevant, since NetGuard has been blocking many Amazon IP addresses recently. The IP address for this site though is 126.96.36.199, which is not one of the blocked ones. IPVoid scanned that address and reported no problems. However, URLVoid scanned the site and reported that Trend Micro identifies it as a Dangerous Site. Another checker confirmed the presence of Win32/Adware.Linkular.AD
As for wajam.com, the main site itself appears to be free of any malware although AVG reports 2 threats (Win/DH) on 2 pages on the site, and Lavasoft was flagging the site as malicious back in May. BitDefender also flagged the site last month.
However, on the main page the "Sign up without downloading" link is highly suspicious. It looks like this
but if you hover the mouse over the link the URL is in the form
Note that "?" - it seems to trigger warnings. The wajam-dot-com/signup is rated as a Malicious Site by TrustedSource.
There are a couple of hostile reviews of wajam.com on Norton SafeWeb and WOT referring to malware from wajam-dot-com. Nothing on SiteAdvisor.
ThreatExpert has an analysis of all the changes made to a PC by downloading from wajam: