Avast WEBforum
Other => Viruses and worms => Topic started by: altrad on May 06, 2010, 10:30:34 PM
-
Enter here Newsflash warning WinRar to use the Arabic language
A picture of the program
(http://www.ar-tr.com/uploaded/uploading/winrar6.gif)
Arabic version of the company from infected Discovered Kaspersky
(http://img203.imageshack.us/img203/9872/sshot1d.png)
Sits on VirusTotal
5/41
http://www.virustotal.com/analisis/5ffd47f50775c2cef712f90fd97342f516315baf555c7790eaad487e7085429d-1273152057
site web Company winrar
www.rarlab.com
-
hi,
don't post in yellow it's impossible to read ;D
-
@Logos.......naaaa...you just bend way out to one side...... ;D
Just for fun I downloaded the following versions and scanned them on VirusTotal: 32-bit Bulgarian / Norwegian / Chinese
All came up CLEAN....so this Arabic version looks to be infected
Anubis Analysis Report
http://anubis.iseclab.org/?action=result&task_id=145cae427390a8aa4fd18411293cc75c5&format=html
-
doesn't work here, I can't read :'( ;D >>> could be a side effect of that malware ???
-
I'll translate the first post to a normal language :-\
I post a warning that popped up while using Arabic version of WinRar
A picture of the program itself:
<pic>
The virus originally was found by Kaspersky, picture of the warning:
<pic>
VirusTotal results:
<link>
WinRar's company site:
<link>
-
doesn't work here, I can't read :'( ;D >>> could be a side effect of that malware ???
Just highlight whatever the dude wrote with your mouse or touchpad or whatever. Sheesh.
-
By the way, normally WinRAR doesn't have any file named "wrar393a.exe",
thus it's not related to WinRAR, although it might be some crack for WinRAR (infected with a trojan ;))
-
Halio Altarir,
This is the virustotal result for that particular executable: http://www.virustotal.com/analisis/5ffd47f50775c2cef712f90fd97342f516315baf555c7790eaad487e7085429d-1273152057
Malware from a fake torrent download site for Winrar + Keygen:
htxp://wXw.torrentz.com/a9f4be7f3a8c812cf23889a8c56a0690a552447c
polonus
-
I think whoever translated the program is the person who put the trojan in, "so I don't enter Arabic websites", and I also think that 7-Zip is better, and anyway it is open source
-
Halio Altarir,
Altarir is not Halio, whatever that is.
-
I think whoever translated the program is the person who put the trojan in, "so I don't enter Arabic websites", and I also think that 7-Zip is better, and anyway it is open source
7-Zip is totally awesome, agreed, however PeaZip is also worth a shot :)
-
Confirmed by Norman the detection is good - Refroso.AB
-
I sent this to Microsoft, They say this is not malware.
-
Well, I sent it to avast and MBAM yesterday (5 posts before you, Marc ;) ) so I wonder what conclusion they will have ???
Just scanned with MBAM and not detected yet....soooo.....maybe tomorrow..
-
I sent it to MBAM also (Sorry I didn't see you had already sent it) So they should be able to do a double take. ;D ;D
-
ThreatExpert - infected
http://www.threatexpert.com/report.aspx?md5=c67d415e114eb1efbfbd4450a2b14f39
-
Hi Pondus,
Did you see this inside the malware description?
CLSID{"B41DB860-8EE4-11D2-9906-E49FADC173CA"}
= a malicious CLSID, that the malware you linked to shares with a.o. W32/Sality.gen.e [McAfee] ; Mal/Sality-D [Sophos] ; Virus:Win32/Sality.AT [Microsoft] worms etc. re:, also: http://www.bleepingcomputer.com/forums/lofiversion/index.php/t269541.html
apparently a malicious Winrar plug-in: http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=168299
polonus
-
The story continues.....
New mail from Norman: the detection was a False Positive, so the file is CLEAN
and Avira says CLEAN
and that's the end of that........maybe.... ;D
-
McAfee classified the program WinRAR latest version of Trojan-infected can infect the system and crashing to the McAfee report sent to the company producing the program for this injury caused by this program for equipment users in the Arab world
Thank you :D
-
???
What Happened About This Software Winrar v393 Arabic ???
??? ??? ???