strange .rar behaviour

January 26th, 2020

Ok, I have some sort of a strange issue with my rar files.
Whenever I open or extract a rar file, it has included a file named “winrar.EXE” (just like that, with the capitals on the EXE). But that’s not all of it, after a while of working on my pc, or whenever I boot or reboot it, there are more “winrar.EXE” files added to my rar files. For example, if I turn it off and there is 1 “winrar.EXE” added to the rar files, when I boot it later, there are 2, next time 3, and so on.
If I try to erase 1 of them, all of them get deleted, but the rest of the original files stay as normal.
The original contents of the rar files are not corrupted, only these added “winrar.EXE” are the problem.
I tried running my antivirus (Avira Antivir), and it found nothing, then I updated it to the latest version, re-ran it and it found nothing.
I downloaded an antispyware, the ad-aware from here: http://www.google.com?t=2763005&highlight= and it found nothing.
Then I tried with another antivirus, the Nod32, from here: http://www.google.com?t=2382585&start=0&highlight=
and it also found nothing.
This problem started after I got the Registry mechanic portable from here:
http://www.google.com?t=1873219&highlight=
I noticed this issue after I first ran it. I’m not blaming the registry mechanic, but I can’t help but think that this is a registry problem, since no protection software can detect it.
I even restored the system to one week ago, before this thing had happened, but still the “winrar.EXE” files keep coming back.
Also, no matter how many times I run the registry mechanic, it doesn’t fix it. So, now I’m out of ideas, and I’m facing that maybe I should format my pc. But I’m afraid that maybe it would take me too much time to restore all of the programs I need, especially since I’ve got to work on my degree project.
So before that, I decided to ask here. So if there is some idea on how to make this get fixed, then I’d really appreciate it.
I know it’s just a small issue, that doesn’t affect my work, but, it’s quite annoying, but above all, it means that something is wrong, and it could escalate to something worse. So, I need to fix it, before something dangerous happens.
Ok, that’s the situation I have. Here’s a picture of what the contents of the rar files look like.
Image
All of the rar files in my hard drive look like that, some others have more than 10 of those “winrar.EXE”.

Answer #1
Can you open the winrar.EXE file?
Answer #2
I suggest uninstalling winrar, deleting its folder [if not already deleted after uninstall], running registry cleaner, then reinstalling winrar.
Answer #3
Yes, it does run, but does nothing, it looks like this in the windows manager:
Image
Yet, after a while, it stops running, without me terminating it.
Answer #4
It’s a very basic virus that adds itself to random rar files it finds, then terminates. It’s hoping that you’ll be passing the rars on to someone else who’ll think it’s actually winrar and run it, thus creating the whole process all over again. The real winrar is 968Kb..
You made a very basic mistake of running it.. If you’re not sure of a file, for craps sake don’t open it!!.
Try Malwarebytes anti-malware, or this:
http://us.trendmicro.com/us/products/personal/CWShredder/
Quotes:
“Other instances of WINRAR.EXE:
1) winrar.exe could also be an advertising program by CoolWebSearch. This process monitors your browsing habits and distributes the data back to the author’s servers for analysis. This also prompts advertising popups. This process is a security risk and should be removed from your system. Please see additional details regarding this process.”
“winrar.exe – Here is the scoop on CoolWWWSearch / WinRAR. The big question: what is winrar.exe and is it spyware, a trojan and if so, how do I get rid of CoolWWWSearch / WinRAR?
winrar.exe (CoolWWWSearch / WinRAR) – Details
winrar.exe is considered to be a security risk, not only because antivirus programs flag CoolWWWSearch / WinRAR as a virus, but also because a number of users have complained about its performance.
CoolWWWSearch / WinRAR is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of winrar.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information to websites.
The Process Server database currently registers winrar.exe to CoolWWWSearch / rarlab.com. This is part of CoolWWWSearch / WinRAR.
winrar.exe is related to iedll.exe, loader.exe, tapicfg.exe, waol.exe.”
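
An added example, not part of the original thread or any poster's code: a Python check for the symptom discussed above, listing an archive's entries and counting executable names that repeat inside it. It assumes the older RAR 4.x container layout and reads headers only; the function names and the sample archive are constructed for illustration.

```python
import struct
from collections import Counter

RAR4_MAGIC = b"Rar!\x1a\x07\x00"          # RAR 4.x marker block (assumed format)
EXEC_EXT = (".exe", ".scr", ".com", ".pif")

def rar4_entries(data):
    """List file names from RAR 4.x file headers (type 0x74); CRCs are not verified."""
    if not data.startswith(RAR4_MAGIC):
        raise ValueError("not a RAR 4.x archive")
    names, pos = [], len(RAR4_MAGIC)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            break                          # corrupt header: stop instead of looping
        add_size = 0
        if flags & 0x8000 and pos + 11 <= len(data):
            add_size = struct.unpack_from("<I", data, pos + 7)[0]   # packed data size
        if htype == 0x74 and pos + 32 <= len(data):
            name_len = struct.unpack_from("<H", data, pos + 26)[0]
            off = pos + 32 + (8 if flags & 0x100 else 0)            # skip 64-bit sizes
            raw = data[off:off + name_len].split(b"\x00")[0]
            names.append(raw.decode("utf-8", "replace"))
        pos += hsize + add_size
    return names

def suspicious_entries(names):
    """Map each executable base name (lower-cased) to its count within one archive."""
    base = (n.replace("\\", "/").rsplit("/", 1)[-1].lower() for n in names)
    return {n: c for n, c in Counter(base).items() if n.endswith(EXEC_EXT)}

# --- constructed sample archive (stored entries, zeroed CRCs), for demonstration only ---
def _block(htype, flags, body, payload=b""):
    return struct.pack("<HBHH", 0, htype, flags, 7 + len(body)) + body + payload

def _file(name, payload):
    n = name.encode()
    fixed = struct.pack("<IIBIIBBHI", len(payload), len(payload), 2, 0, 0,
                        20, 0x30, len(n), 0x20)
    return _block(0x74, 0x8000, fixed + n, payload)

SAMPLE = (RAR4_MAGIC + _block(0x73, 0, bytes(6))
          + _file("thesis\\chapter1.doc", b"constructed")
          + _file("winrar.EXE", b"MZ") + _file("winrar.EXE", b"MZ"))

if __name__ == "__main__":
    print(rar4_entries(SAMPLE))
    print(suspicious_entries(rar4_entries(SAMPLE)))   # repeats of one .exe name stand out
```

A count above 1 for the same executable name in one archive matches what the original poster saw; a single executable entry can be legitimate and needs a closer look before any conclusion.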
Answer #5
coolWWWsearch? Now there’s a name I haven’t heard for years!
Spybot search & destroy can easily get rid of this, but even so I would still re-install winrar to be on the safe side as it has probably infected that as well as your system files.
Spybot can be found here:
http://www.safer-networking.org/en/spybotsd/index.html
Answer #6
Thanks for your help, I know it’s stupid to run something so suspicious, but I ignored my own good judgement just to see “what happened”, so I’m not complaining to anyone about my own mistake.
I tried uninstalling winrar, opened the rar files with 7Zip, and yet they were there (and I was unable to delete them), reinstalled winrar, and they were there, so I’m trying the coolwwwsearch solution and also the Spybot. Otherwise I’ll be “repairing” my windows version, instead of reformatting my pc. As I recall, repairing the windows installation maintains the drivers and programs installed, just replacing the system files with new ones, so I think it might help that way.
Thanks a lot for your help, I’ll let you know the results.
Answer #7
VIRUS ALERT VIRUS ALERT VIRUS ALERT!!!!!!
Answer #8
Finally I tried the combination of spybot and malwarebytes, and it seems to have worked.
The weird thing is that I hadn’t downloaded anything suspicious before this whole thing had happened.
Thanks for all of your suggestions.
Now I hope this helps somebody in a similar situation, as well as being capable of helping in the future.
Once again, thanks a lot.
Greetings.
Answer #9
Well I feel bad. I influenced you to open it lol

 
