Hi true indian,
Again a questionable one as I will explain below.
Given as non-malicious here: htxp://www.isthisfilesafe.com/md5/0EB6C55CF33E5EB5DF9421668E053492_details.aspx
Maybe a detection was flagged because the program is protected against reverse engineering with modern-wizard.bmp, which some scanners
will flag as a possible malware packer, but actually comes virus-free, and because of the presence of "checkver104.exe"
& ioSpecial.ini / silent installer, also sometimes flagged, depending on its location.
Scanning htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe with DrWeb's online check turns up these results,
on some occasions commented by me at the end of the scan lines:
Engine version: 7.0.2.4281
Total virus-finding records: 2874792
File size: 962.25 KB
File MD5: 0eb6c55cf33e5eb5df9421668e053492
htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe - archive NSIS (NSIS packer identified by Fprot packer identifier)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/script.bin - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\ioSpecial.ini - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\modern-wizard.bmp - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/AutoBackup.exe - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/Backup.dll - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/FileBackup.dll - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/FolderTree.dll - Ok (validity should be checked)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/IrisSkin2.dll - Ok (Sunisoft - safe)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/LogViewer.exe - Ok (- Module'
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/PowerBackupandRestore.exe - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/SimpleSync.dll - Ok (location should be verified)
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe - archive BINARYRES
>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data001 - Ok
>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data002 - archive JS-HTML
>>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data002/JSTAG_1[9][8c] - Ok
>>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe/data002 - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/CheckVer104.exe - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\iOClean.ini - Ok / silent installer, could evoke Sandbox alert
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\InstallOptions.dll - Ok
>htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\ExecDos.dll - Ok
>hxtp://www.applicationbox.info/PowerBackupandRestoreSetup.exe/_=9A=80\System.dll - Ok
htxp://www.applicationbox.info/PowerBackupandRestoreSetup.exe - Ok
Typical executable flagged by Emsisoft, malware active since 012-05-18 08:10:59 - other instances from other domains closed.
Analysis see:
http://camas.comodo.com/cgi-bin/submit?file=9a0dd7a6e08b7476fde0dc774b72d0e8cd780883bd53a2747c078eab6ef0e4c7
a variant of Win32/Agent.SZW
Bitdefender flagged this variant of Win32/Agent.SZW as ROJ_LOWZONE.BMC (backdoor)
polonus