Author Topic: virus dans winrar arabic version  (Read 6437 times)

0 Members and 1 Guest are viewing this topic.

Offline altrad

  • Newbie
  • *
  • Posts: 3
virus dans winrar arabic version
« on: May 06, 2010, 10:30:34 PM »
Enter here Newsflash warning WinRar to use the Arabic language
A picture of the program


Arabic version of the company from infected Discovered Kaspersky


Sits on VirusTotal

5/41
http://www.virustotal.com/analisis/5ffd47f50775c2cef712f90fd97342f516315baf555c7790eaad487e7085429d-1273152057

site web Company winrar

www.rarlab.com

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9448
Re: virus dans winrar arabic version
« Reply #1 on: May 06, 2010, 10:47:14 PM »
hi,

don't post in yellow it's impossible to read ;D
w7 - ais7

Online Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26589
Re: virus dans winrar arabic version
« Reply #2 on: May 06, 2010, 10:52:36 PM »
@Logos.......naaaa...you just bend way out to one side...... ;D

just for fun i downloaded the following version and scanned on VirusTotal  32bit Bulgarian / Norwegian / Chinese
all came up CLEAN....so this Arabic version looks to be infected


Anubis Analysis Report
http://anubis.iseclab.org/?action=result&task_id=145cae427390a8aa4fd18411293cc75c5&format=html
« Last Edit: May 06, 2010, 11:06:44 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9448
Re: virus dans winrar arabic version
« Reply #3 on: May 06, 2010, 10:57:52 PM »
doesn't work here, I can't read  :'( ;D >>> could be a side effect of that malware ???
w7 - ais7

Offline 13thSlayer

  • Full Member
  • ***
  • Posts: 161
  • What are ya staring at? The post is to the right.
Re: virus dans winrar arabic version
« Reply #4 on: May 07, 2010, 05:11:52 AM »
I'll translate the first post to a normal language  :-\
I post a warning that popped up while using Arabic version of WinRar
A picture of the program itself:
<pic>
The virus originally was found by Kaspersky, picture of the warning:
<pic>
VirusTotal results:
<link>
WinRar's company site:
<link>
Browser: Mozilla Firefox
OS: PCLinuxOS 2010.12, Mandriva 2010.2 and Windows XP
For security, install WOT. Really.

Offline 13thSlayer

  • Full Member
  • ***
  • Posts: 161
  • What are ya staring at? The post is to the right.
Re: virus dans winrar arabic version
« Reply #5 on: May 07, 2010, 05:13:41 AM »
doesn't work here, I can't read  :'( ;D >>> could be a side effect of that malware ???
Just highlight whatever the dude wrote with your mouse or touchpad or whatever. Sheesh.
Browser: Mozilla Firefox
OS: PCLinuxOS 2010.12, Mandriva 2010.2 and Windows XP
For security, install WOT. Really.

Offline Altarir.

  • Full Member
  • ***
  • Posts: 181
Re: virus dans winrar arabic version
« Reply #6 on: May 07, 2010, 05:21:58 AM »
By the way, normally winrar doesn't have any file named "wrar393a.exe"

thus, its not related to winrar. although it might be some crack for winrar(infected with trojan  ;))
my systems: windows XP sp3; linux PClinuxOS
for the sake of your own security, you should install WOT and NoScript in your browser.

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23656
  • malware fighter
Re: virus dans winrar arabic version
« Reply #7 on: May 07, 2010, 04:30:29 PM »
Halio Altarir,

This is the virustotal result for that particular executable: http://www.virustotal.com/analisis/5ffd47f50775c2cef712f90fd97342f516315baf555c7790eaad487e7085429d-1273152057
Malware from a fake torrent download site for Winrar + Keygen:
htxp://wXw.torrentz.com/a9f4be7f3a8c812cf23889a8c56a0690a552447c

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
    • Shift Style
Re: virus dans winrar arabic version
« Reply #8 on: May 07, 2010, 04:50:13 PM »
I think who translate the program is the person who put the trojan"so i dont enter arabic websites",and i think also that 7-ZIP is better and anyway is an open source
"I'm not afraid to take a stand
Everybody come take my hand
We'll walk this road together, through the storm
Whatever weather, cold or warm
Just let you know that, you're not alone
Holla if you feel that you've been down the same road",Eminem.

Offline 13thSlayer

  • Full Member
  • ***
  • Posts: 161
  • What are ya staring at? The post is to the right.
Re: virus dans winrar arabic version
« Reply #9 on: May 07, 2010, 04:51:02 PM »
Halio Altarir,
Altarir is not Halio, whatever that is.
Browser: Mozilla Firefox
OS: PCLinuxOS 2010.12, Mandriva 2010.2 and Windows XP
For security, install WOT. Really.

Offline 13thSlayer

  • Full Member
  • ***
  • Posts: 161
  • What are ya staring at? The post is to the right.
Re: virus dans winrar arabic version
« Reply #10 on: May 07, 2010, 04:51:46 PM »
I think who translate the program is the person who put the trojan"so i dont enter arabic websites",and i think also that 7-ZIP is better and anyway is an open source
7-Zip is totally awesome, agreed, however PeaZip is also worth a shot  :)
Browser: Mozilla Firefox
OS: PCLinuxOS 2010.12, Mandriva 2010.2 and Windows XP
For security, install WOT. Really.

Online Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26589
Re: virus dans winrar arabic version
« Reply #11 on: May 07, 2010, 05:47:06 PM »
Confirmed by Norman the detection is good - Refroso.AB
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1941
  • KISS Rules The World!!!
    • KISS Army
Re: virus dans winrar arabic version
« Reply #12 on: May 07, 2010, 06:55:54 PM »
I sent this to Microsoft, They say this is not malware.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Online Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26589
Re: virus dans winrar arabic version
« Reply #13 on: May 07, 2010, 07:15:59 PM »
Well i sendt it to avast and MBAM yesterday (5 post before you Marc  ;)  ) so wonder what conclusion they will have   ???


just scanned with MBAM and not detected yet....soooo.....maybe tomorrow..
« Last Edit: May 07, 2010, 07:25:30 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1941
  • KISS Rules The World!!!
    • KISS Army
Re: virus dans winrar arabic version
« Reply #14 on: May 07, 2010, 07:23:36 PM »
I sent it to MBAM also (Sorry I didn't see you had already sent it) So they should be able to do a double take.  ;D ;D
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!