WinRAR 3.71 TrojanDownloader virus - How to remove it?

21 05 2008

This article has been published at RLSLOG.net - visit our site for full content.

This is a slightly unusual post, but I feel it's fair to publish it. I felt quite guilty after yesterday's mishap with the WinRAR 3.71 post, because the Rapidshare link we included in the article contained a malware script. The article was removed after we noticed the problem and I explained everything in this comment, however that doesn't really change the fact that some of you might have been infected with this nasty piece of software. As far as I remember, this is the very first time something like this has happened, because we always check our files and generally only report on scene releases.

So after I realized what had happened, I thought it would be fair to find out what this malware actually does. I knowingly launched the infected installation file from the archive and a small avalanche of security warnings from my NOD32 antivirus began. It really was a nasty piece of code, which didn't delete files or damage the computer, but it had unpleasant side effects: various popups appearing while you work online, ad hijacking in your browser, a general system slowdown and who knows what else. I immediately tried to find a way to remove this garbage: Ad-Aware, Spybot, Microsoft AntiSpyware and a few other tools, none of which really helped.

The infected files were located in C:\Windows\System32 and had totally random filenames with a .DLL extension. None of the applications mentioned above were able to delete them, not even in Safe Mode. Kaspersky identified the virus as Win32.TrojanDownloader.Agent, other scanners knew the file as Trojan.Vundo-Variant and a few other names. After a few hours of playing with the files and their automatically recreated registry entries, I finally installed a freeware application called SuperAntiSpyware, which was a quick cure for all the problems.
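As an added example (not part of the original post, and not SuperAntiSpyware's or any scanner's code), the following PowerShell script shows how to triage the kind of infection described above by hand: random-named, unsigned DLLs dropped into System32 and wired into registry keys that load a DLL at logon or browser start. It only reports and deletes nothing. The 7-day age window, the "random lowercase name" pattern and the list of persistence keys are assumptions chosen for illustration, not facts from the post.

```powershell
# Added example, not from the RLSLOG post: read-only triage for random-named DLLs in
# System32 and the registry values that load them. Run from an elevated PowerShell.
# ASSUMPTIONS for illustration: the 7-day window, the name pattern, the key list.

$sys32  = Join-Path $env:SystemRoot 'System32'
$maxAge = (Get-Date).AddDays(-7)   # assumption: the infection is recent

# Persistence locations that load a DLL into winlogon, explorer or the browser.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',          # AppInit_DLLs value
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',  # DLLName values in subkeys
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
)
$bhoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$clsidKey = 'HKLM:\SOFTWARE\Classes\CLSID'

# Step 1: recently created DLLs in System32 with no valid Authenticode signature
# and a name that looks machine-generated.
function Get-SuspectDlls {
    Get-ChildItem -Path $sys32 -Filter '*.dll' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.CreationTime -gt $maxAge } |
        Where-Object { $_.BaseName -match '^[a-z]{5,12}$' } |   # assumption: random lowercase names
        Where-Object { (Get-AuthenticodeSignature -FilePath $_.FullName).Status -ne 'Valid' }
}

# Step 2: registry values that reference one of those DLLs, either directly
# (AppInit_DLLs, Winlogon\Notify, SSODL) or through a BHO CLSID's InprocServer32.
function Get-DllReferences {
    param([string[]]$DllNames)

    # Direct references: every value under each key and its subkeys.
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $nodes = @(Get-Item $key) + @(Get-ChildItem $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($node in $nodes) {
            foreach ($valueName in $node.GetValueNames()) {
                $data = [string]$node.GetValue($valueName)
                foreach ($dll in $DllNames) {
                    if ($data -match [regex]::Escape($dll)) {
                        New-Object PSObject -Property @{ Key = $node.Name; Value = $valueName; Data = $data; Dll = $dll }
                    }
                }
            }
        }
    }

    # Indirect references: a BHO is a CLSID; its DLL path lives in CLSID\{guid}\InprocServer32.
    if (Test-Path $bhoKey) {
        foreach ($bho in Get-ChildItem $bhoKey -ErrorAction SilentlyContinue) {
            $server = Join-Path $clsidKey ($bho.PSChildName + '\InprocServer32')
            if (-not (Test-Path $server)) { continue }
            $path = [string](Get-ItemProperty -Path $server).'(default)'
            foreach ($dll in $DllNames) {
                if ($path -match [regex]::Escape($dll)) {
                    New-Object PSObject -Property @{ Key = $server; Value = '(default)'; Data = $path; Dll = $dll }
                }
            }
        }
    }
}

$suspects = @(Get-SuspectDlls)
if ($suspects.Count -eq 0) {
    Write-Host "No recent unsigned random-named DLLs found in $sys32"
} else {
    Write-Host "Suspect DLLs in ${sys32}:"
    $suspects | Select-Object Name, CreationTime, Length | Format-Table -AutoSize
    Write-Host 'Registry values that load them:'
    Get-DllReferences -DllNames ($suspects | ForEach-Object { $_.Name }) |
        Select-Object Key, Value, Dll, Data | Format-Table -AutoSize -Wrap
}
```

Treat the output as leads, not verdicts: many legitimate Microsoft DLLs are catalog-signed rather than carrying an embedded signature, so on older systems Get-AuthenticodeSignature reports them as NotSigned, which is why the age window and name pattern are applied as well. The script deliberately does not delete anything; as the post describes, a DLL of this kind is loaded into running processes and its registry entries are recreated, so a plain delete from the shell will not stick and a dedicated removal tool or an offline scan is the practical route.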

You just need to download the latest virus definitions, run a Smart Scan, reboot the machine and all the files should be gone. This was a surprisingly simple solution after all the hard work I put in, so if you still face issues after yesterday, SuperAntiSpyware should solve them all pretty fast. I can recommend the application to everyone else as well; it's actually quite good. Once again, I'm sorry for all the problems we might have caused you and I hope everything will be fine and you'll remain a loyal RLSLOG reader.

Martin
