Author Topic: virus dans winrar arabic version  (Read 7421 times)

0 Members and 1 Guest are viewing this topic.

Offline altrad

  • Newbie
  • *
  • Posts: 3
virus dans winrar arabic version
« on: May 06, 2010, 10:30:34 PM »
Enter here Newsflash warning WinRar to use the Arabic language
A picture of the program


Arabic version of the company from infected Discovered Kaspersky


Sits on VirusTotal

5/41
http://www.virustotal.com/analisis/5ffd47f50775c2cef712f90fd97342f516315baf555c7790eaad487e7085429d-1273152057

site web Company winrar

www.rarlab.com

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9446
Re: virus dans winrar arabic version
« Reply #1 on: May 06, 2010, 10:47:14 PM »
hi,

don't post in yellow it's impossible to read ;D
w7 - ais7

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29128
Re: virus dans winrar arabic version
« Reply #2 on: May 06, 2010, 10:52:36 PM »
@Logos.......naaaa...you just bend way out to one side...... ;D

just for fun i downloaded the following version and scanned on VirusTotal  32bit Bulgarian / Norwegian / Chinese
all came up CLEAN....so this Arabic version looks to be infected


Anubis Analysis Report
http://anubis.iseclab.org/?action=result&task_id=145cae427390a8aa4fd18411293cc75c5&format=html
« Last Edit: May 06, 2010, 11:06:44 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9446
Re: virus dans winrar arabic version
« Reply #3 on: May 06, 2010, 10:57:52 PM »
doesn't work here, I can't read  :'( ;D >>> could be a side effect of that malware ???
w7 - ais7

Offline 13thSlayer

  • Full Member
  • ***
  • Posts: 161
  • What are ya staring at? The post is to the right.
Re: virus dans winrar arabic version
« Reply #4 on: May 07, 2010, 05:11:52 AM »
I'll translate the first post to a normal language  :-\
I post a warning that popped up while using Arabic version of WinRar
A picture of the program itself:
<pic>
The virus originally was found by Kaspersky, picture of the warning:
<pic>
VirusTotal results:
<link>
WinRar's company site:
<link>
Browser: Mozilla Firefox
OS: PCLinuxOS 2010.12, Mandriva 2010.2 and Windows XP
For security, install WOT. Really.

Offline 13thSlayer

  • Full Member
  • ***
  • Posts: 161
  • What are ya staring at? The post is to the right.
Re: virus dans winrar arabic version
« Reply #5 on: May 07, 2010, 05:13:41 AM »
doesn't work here, I can't read  :'( ;D >>> could be a side effect of that malware ???
Just highlight whatever the dude wrote with your mouse or touchpad or whatever. Sheesh.
Browser: Mozilla Firefox
OS: PCLinuxOS 2010.12, Mandriva 2010.2 and Windows XP
For security, install WOT. Really.

Offline Altarir.

  • Full Member
  • ***
  • Posts: 181
Re: virus dans winrar arabic version
« Reply #6 on: May 07, 2010, 05:21:58 AM »
By the way, normally winrar doesn't have any file named "wrar393a.exe"

thus, its not related to winrar. although it might be some crack for winrar(infected with trojan  ;))
my systems: windows XP sp3; linux PClinuxOS
for the sake of your own security, you should install WOT and NoScript in your browser.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26610
  • malware fighter
Re: virus dans winrar arabic version
« Reply #7 on: May 07, 2010, 04:30:29 PM »
Halio Altarir,

This is the virustotal result for that particular executable: http://www.virustotal.com/analisis/5ffd47f50775c2cef712f90fd97342f516315baf555c7790eaad487e7085429d-1273152057
Malware from a fake torrent download site for Winrar + Keygen:
htxp://wXw.torrentz.com/a9f4be7f3a8c812cf23889a8c56a0690a552447c

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: virus dans winrar arabic version
« Reply #8 on: May 07, 2010, 04:50:13 PM »
I think who translate the program is the person who put the trojan"so i dont enter arabic websites",and i think also that 7-ZIP is better and anyway is an open source
Dreams don't die, they just fall asleep.

Offline 13thSlayer

  • Full Member
  • ***
  • Posts: 161
  • What are ya staring at? The post is to the right.
Re: virus dans winrar arabic version
« Reply #9 on: May 07, 2010, 04:51:02 PM »
Halio Altarir,
Altarir is not Halio, whatever that is.
Browser: Mozilla Firefox
OS: PCLinuxOS 2010.12, Mandriva 2010.2 and Windows XP
For security, install WOT. Really.

Offline 13thSlayer

  • Full Member
  • ***
  • Posts: 161
  • What are ya staring at? The post is to the right.
Re: virus dans winrar arabic version
« Reply #10 on: May 07, 2010, 04:51:46 PM »
I think who translate the program is the person who put the trojan"so i dont enter arabic websites",and i think also that 7-ZIP is better and anyway is an open source
7-Zip is totally awesome, agreed, however PeaZip is also worth a shot  :)
Browser: Mozilla Firefox
OS: PCLinuxOS 2010.12, Mandriva 2010.2 and Windows XP
For security, install WOT. Really.

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29128
Re: virus dans winrar arabic version
« Reply #11 on: May 07, 2010, 05:47:06 PM »
Confirmed by Norman the detection is good - Refroso.AB
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1941
  • KISS Rules The World!!!
    • KISS Army
Re: virus dans winrar arabic version
« Reply #12 on: May 07, 2010, 06:55:54 PM »
I sent this to Microsoft, They say this is not malware.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 29128
Re: virus dans winrar arabic version
« Reply #13 on: May 07, 2010, 07:15:59 PM »
Well i sendt it to avast and MBAM yesterday (5 post before you Marc  ;)  ) so wonder what conclusion they will have   ???


just scanned with MBAM and not detected yet....soooo.....maybe tomorrow..
« Last Edit: May 07, 2010, 07:25:30 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1941
  • KISS Rules The World!!!
    • KISS Army
Re: virus dans winrar arabic version
« Reply #14 on: May 07, 2010, 07:23:36 PM »
I sent it to MBAM also (Sorry I didn't see you had already sent it) So they should be able to do a double take.  ;D ;D
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!