
Does Powelik download/install CryptoWall


  • This topic is locked
8 replies to this topic

#1 HighTide1

HighTide1

  • Members
  • 74 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 07 November 2014 - 11:03 AM

Hello BleepingComputer forums. I was doing some reading on Powelik, and some people have said that it downloads CryptoWall onto your computer. Is this true? Should I worry, or just disconnect all internet connectivity?




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:25 PM

Posted 07 November 2014 - 09:37 PM

Where did you read that it downloads CryptoWall?

They both spread in a similar manner.

Poweliks has reportedly been delivered through social engineering...by opening malicious spam emails that claim to be a missed package delivery from the Canadian Post or U.S. Postal Service (USPS) purportedly carrying tracking information and exploit kits.

Crypto malware is also typically spread through social engineering and user interaction...i.e. opening suspicious emails and opening infected Word docs with embedded macro viruses, and sometimes via exploit kits. It can be disguised in email attachments which appear to be legitimate correspondence from reputable companies such as banks and Internet providers, or UPS or FedEx with tracking numbers. Attackers will use email addresses and subjects (i.e. example) that will entice a user to read the email and open the attachment.

US-CERT advises there have been reports that some victims encounter the malware after clicking on a malicious link within an email or following a previous infection from botnets such as Zbot/Z-bot (Zeus), which downloads and executes the ransomware as a secondary payload from infected websites. Other types of crypto malware have been reported to spread on YouTube ads, via browser exploit kits and drive-by downloads when visiting compromised web sites.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donate button.

#3 LiquidTension

LiquidTension

  • Malware Response Instructor
  • 1,278 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:25 PM

Posted 07 November 2014 - 11:39 PM

As well as opening a backdoor, Poweliks is known to download other malware onto the infected machine. I've often seen Zbot, Tracur and ZeroAccess downloaded onto systems infected with Poweliks.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:25 PM

Posted 08 November 2014 - 07:05 AM

In addition to downloading more malicious files, Poweliks has the capability to steal system information which may be used by cybercriminals to launch other attacks.

#5 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 08 November 2014 - 07:16 AM

Since Powelik is known to download other types of malware, would it be better for me to disconnect my laptop from the Internet, until the issue is resolved?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:25 PM

Posted 08 November 2014 - 07:22 AM

This is not a new thing. There have been many other types of malware which also open backdoors and download more malicious files.

To protect yourself, just keep following Best Practices for Safe Computing and be aware of how this stuff spreads.

#7 HighTide1

HighTide1
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  • Local time:06:25 PM

Posted 08 November 2014 - 07:54 PM

I'm sorry to ask a question like this, but how do you think I was infected? I never open any emails on my laptop, I save those for my mobile device. When my computer slowed down, it was immediately after I opened a web link that was listed in Steam's news links, which opened via Internet Explorer. Is it possible the server it connected to was compromised, and that it then downloaded/ran the virus? I'm trying to cover all bases of how I got the infection, and trying to prevent future infections. Also, should I or shouldn't I disable my WiFi? If Powelik downloads more malware and opens a backdoor, would disabling my WiFi entirely be the best way to limit any further spree of the damage? I have also completely turned it off. I know this isn't the best place for this comment, but I need answers to these questions. I'm scared.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:25 PM

Posted 08 November 2014 - 10:48 PM

If you need individual assistance with malware removal, please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:25 PM

Posted 09 November 2014 - 08:52 AM

Your new topic is posted here.

Now that your new topic is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another Malware Response Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Good luck.
