Releaselog | RLSLOG.net » WinRAR 3.71 TrojanDownloader virus

WinRAR 3.71 TrojanDownloader virus – How to remove it?

Posted on 21.05.2008 at 16:07 in Offtopic by Martin

This is a little unusual post but I feel it’s fair to publish it. I felt quite guilty after yesterday’s mishap with WinRAR 3.71 post, because the rapidshare link we included in the article contained a malware script. The article was removed after we noticed this problem and I explained everything in this comment, however it doesn’t really change anything on a fact that some of you might get infected with this nasty piece of software. As far as I remember, this is the very first time something like this happened, because we always check our files and generally inform only about scene releases.

So after I realized what happened, I thought it would be fair to know what is this malware going to do. So I knowingly launched the infected installation file from the archive and a small avalanche of security warnings from my NOD32 antivirus begun. It really was a nasty piece of code, which didn’t delete files or damage your computer, but it had unpleasant side effects: various popups appearing during your work online, ad hijacking in your browser, general system slowdown and who-knows-what-else. I immediatelly tried to find out a way how to remove this garbage: Ad-Aware, Spybot, Microsoft AntiSpyware and few other tools which didn’t really help.

The infected files were located in C:/Windows/System32 and they had totally random filenames with .DLL extension. Any of the applications mentioned above weren’t able to delete it, not even in Safe Mode. Kaspersky identified the virus as Win32.TrojanDownloader.Agent, other scanners knew the file under Trojan.Vundo-Variant and few other names. After few hours of playing with the files and automatically recreating registry entries, I finally installed a freeware application called SuperAntiSpyware, which was a quick cure to all the problems.

You just need to do download latest virus definitions, do a Smart Scan, reboot the machine and all the files should be gone. This was a surprisingly simple solution after all the hard work I tried, so if you still face some issues after yesterday, SuperAntiSpyware should solve them all pretty fast. I can recommend the application to everyone else as well, it’s actually quite good. Once again, I’m sorry for all the problems we might cause you and hope everything will be fine and you’ll remain a loyal RLSLOG reader.

Martin

Comments(190)

Previous post: Reaper S01E18 HDTV XviD-2HD
Next post: The Chronicles Of Narnia Prince Caspian CLONEDVD-PROCYON

Comments (190)

Feel free to post your WinRAR 3.71 TrojanDownloader virus – How to remove it? torrent, subtitles, samples, free download, quality, NFO, rapidshare, megashares, sendspace, megaupload, filefactory, netload, crack, serial, keygen, requirements or whatever-related comments here. Don't be rude (permban), use only English, don't go offtopic and read FAQ before asking a question. Owners of this website aren't responsible for content of comments.

Pages: [1] 2 » Show All

MS

May 21st, 2008 | 16:12

happens to the best. no worries
Pop006

May 21st, 2008 | 16:14

way to own up to it guys, big of you
nice move and thanks for the steps to cure
CuRsE

May 21st, 2008 | 16:14

This Helps, I Got such a damn Virus a long time ago..its Horrible, and yes these fkn .dll´s change their fkn names

http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99
RicRogue

May 21st, 2008 | 16:14

This is probably one of the safest sources, I’ve seen. We all make mistakes. Good recovery and acknowledgment.
Cry

May 21st, 2008 | 16:16

I downloaded it but didn’t open it… though I think I accesed only the folder. I don’t have any Antivirus or AntiSpyware installed cuz I just finished reinstalling Windows. So was I infected?
jonnyBoy

May 21st, 2008 | 16:17

I’m glad I didn’t install it then…
Seems nasty- either that, or it was a ploy to get people to download that anti-software you talked about (A conspiracy theory, I know, but this IS the internet we’re talking about here).

Hmm… that’s why I make and use portable apps on a flash drive (just have to keep it from writing to registry and putting anything in the Sys32 folder) any potential problems are stopped there, usually.

Eh… happens to everyone.
jackhol

May 21st, 2008 | 16:18

dude nice one i didn’t download the program but i do like the way u resolve these situations thumbs up to rlslog staff
ke

May 21st, 2008 | 16:19

Yeah I tried to install but my AVG free edition warned it’s a virus and deleted it I’ll still have a go with this other free thing
well

May 21st, 2008 | 16:19

i was thinking about to download that winrar i saw yesterday but glad i didn’t. Speaking of it, i’m not too disapointed with my old one, which isn’t so old and i’m used to it, so no problem.

RLSLOG FTW!!!
HevyDani

May 21st, 2008 | 16:23

Didn’t download this but, thumbs up for how you handled it
George

May 21st, 2008 | 16:36

SUPERAntispyware is the best solution to this type of Malware, BUT it is important to make the search in SAFEMODE. Reboot into safemode, search your drive with SuperAntispyware and you should be fine.

This Vundo malware is a nasty peace of crap, really. Glad there are good programs that can get rid of them…!
noob's!

May 21st, 2008 | 16:36

BitDefender > NOD32/Kaspersky
Anton Chigurh

May 21st, 2008 | 16:37

Anyone who decides to install warez should know that getting their box infected is a possibility. By the time it makes it to p2p, you have no way of knowing if someone messed with the damned thing. Want 100% virus free app? Pay for it or go open source. Bottom line: not Martin’s fault.

Here’s an excellent open source alternative to WinRAR:
http://www.7-zip.org/
maddog

May 21st, 2008 | 16:37

for you information winrar 3.71 is old like 3 to 5 month i dont know where did u get the info saying that been released yesterday and the version am using 3.71 doesnt need any crack or serial just intall
macUser

May 21st, 2008 | 16:38

@20, grow up

Cheers rlslog for fix
Mark

May 21st, 2008 | 16:39

I actually downloaded the WinRAR and got the trojan. Tried a few things and said hell with it and just reformatted my system. It worked, but I lost a lot of stuff.
The Voice

May 21st, 2008 | 16:40

Serve yourselves right for not having decent ANTI VIRUS software installed in the first place.
Godlike

May 21st, 2008 | 16:40

Yes i’ve scaned right now and my kaspersky tell me that it’s a virus but lucky for me I didnt’ install it yet. !! but as some one say earlier it happens to the best so don’t worry I and I think that the rest of us will still be you r reader and FANS!!! greatings from Romania
Raol

May 21st, 2008 | 16:41

Gr8 work
Martin…..keep it up
kot markiz

May 21st, 2008 | 16:41

Thank you Martin! I am not afected, but very appresiate for post! Loyal to RLSLOG!
Jammin

May 21st, 2008 | 16:42

I got the virus but luckily AVG 8.0 was able to detect it and remove it before it could embed itself in my PC.

Dont worry about it.
Bob

May 21st, 2008 | 16:44

Kaspersky detects and successfully removes all the components of the infection with the latest update (Trojan-downloader.win32.agent. )

Download the trial, update it and run a full scan:

http://www.kaspersky.com/anti-virus_trial

You may also run VundoFix to get rid of Vundo (free tool):

http://vundofix.atribune.org/

SuperAntiSpy will probably clean up and remenants if there are any:

http://www.superantispyware.com
Charlie

May 21st, 2008 | 16:47

Finally! someone talks about this, about a month ago i got infected withe the release here of Swift3D 5.0, it messed my pc and lost an hour to get my system back in shape, the strange thing is that i downloaded a rapidshare link someone posted on the comments and the file was clean, is it possible that someone who posts the torrent wraps the application with this nasty worm? Hope people post more info about this situation because it can happen with any next interesting release.
$hadow

May 21st, 2008 | 16:48

Now your one of us, no one is perfect, but we can try to do our best, keep up the good work and thank god i dont use pirated winrar, only trials with nasty popup window “register register register” still safer anyways
ak

May 21st, 2008 | 16:50

Try also dr web cure it ,it’s free requires no installation.And only open the warez you download in software like sandboxie,or safe space.They are free(u can register sandboxie with keygen from rlslog if u want) so don’t accuse me that i’m doing propaganda.
http://freedrweb.com/cureit/
http://www.sandboxie.com/index.php?DownloadSandboxie
http://www.artificialdynamics.com/content/products/register-personal.aspx
356354

May 21st, 2008 | 16:53

Nice to see you acknowledge the mistake. I think most of us will continue using the site.
luzf3r

May 21st, 2008 | 16:53

good thing i just check here and don’t dl the stuff. but i also got a realtime scanner which would have warned me tho.

still a lot of respect from me for getting this public.
HaDeZz

May 21st, 2008 | 16:57

DUMBASSES
OrthodoxAtheist

May 21st, 2008 | 17:03

Agree with @1 and @2… well handled. Oh, and you’ve just increase the solution’s download numbers 10x on your recommendation. If it can beat out the bigger players you mentioned (in this case) then I reckon I’ll be checking it out too. Already had Winrar total package so thankfully I didn’t need your link. WinRar FTW. Sorry to see Winzip get pipped after being around since almost day 1, but WinRar just is a much more capable and friendly product. I remember the days of LHA… ha.
sally

May 21st, 2008 | 17:04

spybot, kaspersky and spyware doctor all detected this worm/trojan but were unable to completly remove it (it came back despite being reported as cleaned). Ad-aware and ms defender didn’t detect it at all. Symantecs fixvundo just crashes. I hope SuperAntiSpyware does a better job
WeeRuz

May 21st, 2008 | 17:05

I once came across Vundo too.. I used a simple app called VundoBeGone. Booted in safe mode and started the app.. Followed the instructions and it where gone
loco

May 21st, 2008 | 17:06

thx for deleting my posts, american freedom of speech fakers

I was simply stating, that, if you buy yourself a mac or get aquainted with linux, you won’t have to deal with trojans and any of that stuff. at least for now…

So, in essence: Thanks for nothing!
lickit

May 21st, 2008 | 17:11

should of been checked before link was posted on here….the amount of traffic that hits this place daily and u dont check a file (not even a big file would of took seconds to check)u guys should no better check before you post.. enough said
Bob

May 21st, 2008 | 17:12

@loco

Yeah, that is what you mac fanboys think.

I have some nasty crap in my collection ESPECIALLY for OSX and it will screw your mac just as well as any pc so don’t feel too smug with your “bulletproof” mac…
Boyer

May 21st, 2008 | 17:15

should have uploaded to mediafire instead of rapidshare no but wait i bet you want all these rapidshare points…. mediafire scans the file for viruses then uploads it.. lol
jonnyBoy

May 21st, 2008 | 17:16

@33, loco-

Don’t bother posting that Mac stuff here, please. It’s just flame-bait if you do.

Fact: 75% of people aren’t tech savvy enough to run Linux, and most of them don’t have the kind of funds it takes to go Mac. That’s why (gaging as I say it) Dell is so popular.

I’ll stick with my quad-boot combo box:: WinXP/Vista/Ubuntu/OS X tiger

it works- most of the time
Weirdcore

May 21st, 2008 | 17:17

Thanx Martin i was about to wipe it clean, =] Your forgiven!
Newt182

May 21st, 2008 | 17:17

sh!t i downloaded this and left it on my hardrive ready for the next time i reinstall xp. winrar is 1 of the first things i install after a format.
indianpunk

May 21st, 2008 | 17:19

even if everythings is not fine i dont see any1 else has a choice although clone sites have started still u guys are pretty good with your work and will easily get away with this mishap as the goodwill in your balance sheet is quite good at the moment

no worries
and yea i did’nt download the app so thats i why i’m being nice heheh
FreeRyde

May 21st, 2008 | 17:20

I got nice infestation of Vundo v5 the other day, from an Adobe Flash CS3 Portable. NOD32 spotted and claimed to have deleted it, but it got me anyway. I used UnHack Me. Thanks to those that posted other suggestions. I’ve had this a couple of other times and recognize Vundo symptoms right away. It can happen to anyone. Sometimes there is a price…
QuadrupelQ

May 21st, 2008 | 17:20

“We all make mistakes”…

That is of course no excuse, this was a very bad thing. It was stupid and should not have happened. Still, cudos to Martin for giving us some grade-A customer support! I’ll be very carefull when downloading thing from rlslog though…

OR is this just a very clever add for “SuperAntiSpyware”??? Make you wonder doesn’t it…
Stitch10925

May 21st, 2008 | 17:24

I usually have the habit of scanning everything I DL, now the one time I didn’t scan it contains a virus! Talk about bad luck. But np, did a scan with BitDefender, it found it, and fixed it, problem solved.

@Martin: Thanx for the post, I prob wouldn’t have noticed the virus until the next scan if it wasn’t for this post

(And for you peeps wondering why BitDefender didn’t catch it during DL or installation: I messed around yesterday and accidentally disabled some BitDefender services :-S)

Greets
Netranger

May 21st, 2008 | 17:24

Here is the “SuperAntiSpyware” newest version with crack for LIFETIME…. Enjoy

http://rapidshare.com/files/116554784/SUPER.A5.PRO.1046.rar
sharky99

May 21st, 2008 | 17:25

that dudes an idiot rarring is 30 % more efficient than .zip!
CuRsE

May 21st, 2008 | 17:27

HELP!!!!
I Idiot Testes if the Virus is in the Setup.exe….AHHHH

http://picfront.org/d/D5aCGT8u94L/screeny0002.jpg
MartinisIrrelevant

May 21st, 2008 | 17:29

lol. how many poss have been deleted?? 17 talks about 20 growing up.

@34 and 36 unless martin was the one that ul to rs, can’t expect him to check all, although this does make martin more a kn0b than his usual irrelevant to the scene tech news.

lol. bet this gets deleted.

@5. moron. why you downloading before installing any av or anything. lol. n00b idtent
carlitos

May 21st, 2008 | 17:34

I’ve been using superantispyware for a while, its a nice bit of freeware to complement your standard av software. I already had winrar 3.71 which works perfectly months ago, so last nights post showing the same thing made me suspicious, then I read the comments! It happens, its one of the risks when trying to get “free” stuff
lol

May 21st, 2008 | 17:37

naab again then. NAAB
CuRsE

May 21st, 2008 | 17:39

Damn this Superscnner hadnt worked!!!

Help me, thousands of processes are connecting somewhere and
Email Spam began, my Internet is sooooooo slowly, damn help me!!!
Error Messages from Generic Host Processes win32 come and go….DAMN!!!

I Need Really Help600 Online Services Run, svchost, and 3.exe programs named “d”"egvkwjvt” and “tnqorx” are placed at C:/

Email Spam comes if i go Online

Soemone can help per ICQ?
433533089

TAHNK YOU!
ak

May 21st, 2008 | 17:43

Curse when u are running the scans,disable system restore,and reboot the PC,And press F8,to scan in safe mode.Anymay consider making back up and do a reinstall.It’s only 30 minutes and probably it’s the best thing if the infection spread.
d3p

May 21st, 2008 | 17:49

good i was busi yesterday, that i never installed it lol, and good that i check this site every day for updates.
lickit

May 21st, 2008 | 17:52

something fishy going on here
1.why post it in first place (not a new version)
2.why keep it on site for as long as u guys did
3.and with the scene hating you guys as much as they do even though not scene rls u still should of scaned before upload its common sense
so sorry guys but i will not be usin this site no more and by the looks of things it wont just be me
@50 best thing is just format i rekon sorry to say m8 i do feel for ya m8 as everyone else does
mistakes do happen but this could of been prevented……..
rlslog guys before u delete this thread why have a comment section when u delete comments that affend u (freedom of speach) yeah whatever
peace out
boss

May 21st, 2008 | 17:56

Your Files ?¿!
Kenzie

May 21st, 2008 | 18:02

Nice one for owning up and finding a way to fixed it.
LordSnot

May 21st, 2008 | 18:05

Damn huge loss. lickit has left.
am3n

May 21st, 2008 | 18:07

you m0f0 f-u.ck3d m3 0v4r!!

wt–f????

i w4nt you to go and di3 iN H3LL!!!
chrismg84

May 21st, 2008 | 18:10

smitfraud?
Leise

May 21st, 2008 | 18:15

This release is better WinRAR.v3.71-YAG
ak

May 21st, 2008 | 18:15

There is something wrong here that i wouldn’t want to make a big deal about it,even if others who made comments post about this.Winrar 3.71 is from september 2007.8 months ago.You can get hundreds of them prom p2p sites.Many are infected but if u know your way around you can get one easily.I have one precracked.I’m sure martin also had 3.71 as many of us and still he presented this as a new release??A mistake.Probably,but a big one and not scanning it was another one even bigger than the 1st.
Netranger

May 21st, 2008 | 18:16

Have to say, I have always used “Spyware Doctor” but this program, “SuperAntiSpyware” is awesome. I am now dropping “Spyware Doctor” for this.

Thanks.

Jim
Re:

May 21st, 2008 | 18:24

@am3n, “you m0f0 f-u.ck3d m3 0v4r!!”

Learn to read, write, and get a damn antivirus.
The only l33t talk you’re allowed to use from now on is “Ima #*&$@n’, #*&$@n’ n00b!” You’re that embarrassing.
Jackie

May 21st, 2008 | 18:24

Nasty one, it is.. I spent all day long at work today trying to get rid of this on my home computer (via Remote Desktop, and I did not dare to try and reboot in safe mode in case I could not use Remote Desktop again).
I used the following tools to remove it (in this order or so):
Task manager – to kill rundll32.exe and other strange processes
Security Task Manager – to unload/delete loaded/injected DLLs (some could not be removed though)
(probably not needed) Unlocker – To unlock (and rename) some DLLs already in use.. Worked after a few times.. But programs will start crashing and in the end all DLLs could not be unlocked/removed after all
Sophos Anti-Rootkit – Oh my this did wonders! It was indeed a rootkit (C:\WINDOWS\system32\drivers\qandr.sys) (which locked and hid the other DLLs) installed and this one removed it.
Security Task Manager – yay, this time I could unload/remove everything
Went to %SystemRoot%\system32, viewed a detailed list of the files, sorted by date, deleted all strange exe/dll files modified at the time (or later) I ran the WinRAR “install” exe.
I think (I don’t remember the right path) c:\d.exe was also created by this nasty thing.

Something like this. Oh yeah, and you may somehow be unable to unload certain DLLs (I had one) with Security Task Manager if it’s unregistered.. A license key worked (from serials[dot]com.. Or, wait.. It seemed to be registered but it complained when I wanted to remove the DLL :S Strange.. Must be a bug? But I managed to “fix” it my way anyways (hehe). But you should buy it of course ]:-)

Maybe there are easier methods but if you somehow couldn’t get the guide provided by rlslog working, you could give this a try.
jaloxaji

May 21st, 2008 | 18:34

#44 are you stupid? Or can’t you read.

“freeware application called SuperAntiSpyware”
A.z

May 21st, 2008 | 18:40

Good thing that I didn’t installed it.
I had this version on my computer (3.71) and I wanted to crack it, but the .reg file didn’t worked at all…
THANK GOD!!!
D84

May 21st, 2008 | 18:43

I Did get the trojan was not any danger in it i use avast viruspogram it did take carre of it so any of you guys have problem get avast antivirusprogram its fix the fil just a tip
end to the reslog the virus end codes can get past the best dont worry love you work end i alwas share what i leetche
Jerico

May 21st, 2008 | 18:43

I have to say, i’ve been using superantispyware for some time now and it seems to actually WORK. Trust me I have tried several different kinds of anti-this-n-that programs which very rarely work. Plus you actually get technical support from their forum I highly recommend this program.
resident

May 21st, 2008 | 18:44

i now use spybot, put the spybot sd resident on when you reboot, and it sees every registery chance, and ask you what to do.
kalis

May 21st, 2008 | 18:54

So do you unistall winrar?
heinzy

May 21st, 2008 | 19:06

I caught a vundo trojan a month ago and i couldnt lose it, not even with superantispyware. ultimately i was forced to reformatting my hdd. since then i scan all my downloads before activating/unpacking. there are several vundo variants so perhaps this one is not irremovable like the one i had. good luck with it.
sweaty ballsack

May 21st, 2008 | 19:12

Had Vundo already, took ages, tried everything, but running AVG Free Edition “in Safe mode” cleaned it all up and was running tick-boo in no time.

Didn’t down the WinRAR, thank god, don’t need that one again! I really like the way you guys stand up and face these issues, top form. As others have said, it happens to the best of us, but most just hide or point fingers at others instead.
philips14c

May 21st, 2008 | 19:12

I’m using Superantispyware for some time now great app! I told you guys the best thing to do is to disable System Restore and boot in safe mode and only then disinfect your PC!
BTW: The time is important! here If the virus has time to do enough damage than nothing will fix you computer! So remove it ASAP or else format and reinstall everything! LOL!
ak

May 21st, 2008 | 19:13

Razvane sa imi bag pula in mata.E ok?You can delete my comment a simple response to the spammer above me.
gorgar75

May 21st, 2008 | 19:19

that why dont download RS links
TORRENT rules
Lumberg

May 21st, 2008 | 19:19

What about doing a “System Restore” I find this can save time in removing malware if it is caught early enough? I dont feel like I want to purposefully infect my self or a VM with this to try it, but wanted to pose the question. Thanks for doing the right thing, admission of wrong goes a long way in the public eye.
sweaty ballsack

May 21st, 2008 | 19:23

lickit – “(freedom of speach) yeah whatever”

Yeah whatever, now go and learn your Constitutional rights. You have no guarantee of free speech on a private forum, what a tool, you don’t even understand your own rights and yet you whine about them being infringed upon?
Held3r

May 21st, 2008 | 19:31

since we’re on it, another application that you guys posted here a wile, blazeHDTV, had a trojan too… :\ and.. of course, it played everything except HDTD lol.
sad man

May 21st, 2008 | 19:44

i got fired because i installed this at work
THEAST

May 21st, 2008 | 19:47

Hah,good old vundo!And nobody can do anything about it!It’s sometime that I know this nasty stuff,so far as I know,none of the current antiviruses can delete it cause it adds itself to winologon.exe and by killing that process,you just have 5 seconds before getting a blue screen!The remover is also outdated and can’t remove the latest versions.I even got a version that could not be detected by any of the anviruses in virustotal.com!Ok,to give some useful information,it’s so easy to find the dlls,just look for dlls in system 32 with an exact size of 37888bytes.If you have more than two,and the crc checksum of the files is the same,then it’s vundo.The best thing you can do is to kill winologon.exe and explorer.exe with an unlocker and remove the dlls with cmd before getting the blue screen!
jalaffa

May 21st, 2008 | 19:48

Very mature response to the mistake. Thanks. Also – a good forum should have members spotting these incidents. It was spotted = rlslog.net is a great site.
jones

May 21st, 2008 | 19:56

Ummmm… was this whole thing just an ad for Superantispyware?
Bob

May 21st, 2008 | 19:59

It was very courageous and mature to own up to the mistake, but people and mistakes, its only human, forgive and forget.

I myself, didn’t download the WinRar program, but I did download the spyware program you supplied in this topic and I just wanted to thank you for it, because it helped me find this pesky virus that was hiding in my system.

So without further a due, Thank You!
The Voice

May 21st, 2008 | 20:01

Hmmmmm… http://www.superantispyware.com/reseller.html
mannubhai

May 21st, 2008 | 20:02

In my case a software by Malwarebytes called Anti-Malware helped m otherwise I was tempted to reinstall my OS which woud have been a major pain. THe virus which was a mix of Vundoand a trojan according to the anti malware is gone for good now folks.
the ogiginal idiot

May 21st, 2008 | 20:06

It’s pretty obvious that this was done purposely. The fact is rlslog has changed so much over the past year, i.e. posting games and other warez crap. It should not be a surprise then if they share spyware – then call it an “accident.”

It’s laughable that some of you are giving “props” to people who want to F**K up your computer. Is it possible it was an accident? Of course. But it’s incredibly unlikely. You have to be “new” to the internet and be of the age of 12 to share something like this – without any form of scanning and/or research. Like someone else said – it’s common sense.

And hello, why share an old rls? Come on, if that isn’t a red flag for all of you, then I don’t know what is…

Like many others here, I have put up with the changes overtime: warez crap, the lack of decent writers who actually know what they are talking about, and the slowness of reporting the latest rls’. Mostly we get crappy games and movie rls of “B” grade movies no one cares about. And to top it off, warez with spyware.

I hope others will see this as a time to move on as well. It’s a shame that this place has gone downhill so rapidly. But there are still many supporters who Im sure will try and keep their faith here. Good luck.
Logger

May 21st, 2008 | 20:08

wouldn’t it be ironic if superAntispyware also contain some form for virus or spyware in it…. …anyway…It won’t since that’s a nice proggy…glad I didn’t download it as I already have winrar and I don’t really see the point in updating it to the latest version….unless major features are added….
ak

May 21st, 2008 | 20:08

Lol @84 .i don’t think we can draw this conclusions,even if Martin made a mistake.The free version has the same removal capabilities as the paid one.
The Voice

May 21st, 2008 | 20:11

Lol@irony.
sb40

May 21st, 2008 | 20:12

SUPERAntiSpyware Professional Edition fix only direct download link .. http://www.hotlinkfiles.com/files/1354068_erqnl/Fix.rar
oldgoomer

May 21st, 2008 | 20:19

The Vundo got this oldgoomer a couple of weeks ago. The superantispy,vundofix,fixvundo,spybot,trojan remover didn’t work for me at all.DLed StopZilla..ran it thru & wound up super clean. I now keep it running in the background & do a full sys. check while I sleep every night.
It was originally put out as a pop up stopper…now has Built into today’s form.
If you can find StopZilla 3.1.0.7 it will build to the current form with spyware protection.
Give it a go when all else fails.
-oldgoomer-
ionk (staff)

May 21st, 2008 | 20:21

this week aint the best rlslog ever had
AkshunJezus

May 21st, 2008 | 20:22

i just got vundo but not from winrar, i got it from an adobe app. my antivirus was able to quarantine it but not clean/purge it. am i in danger if its in quarantine?
paul

May 21st, 2008 | 20:23

i downloaded winrar ages ago and had loads of problems so i had to reinstall windows so i use winzip 11 its got rar extensions in there so don’t download winrar.
haha lol

May 21st, 2008 | 20:23

@1 – NO, it doesnt happen even to the best. And rar 3.71 is been in my pc for at least 6 months or so. Maybe this is a new build but wtf ? There’s been so much important soft thats been rlsd but not covered from u ,that makes it ridiculous to report every other rar build . Pff…..
sb40

May 21st, 2008 | 20:26

have to agree .. rlslog isnt doing that great for new software atm . i could post atleast 5 new DECENT apps everyday .. lets be honest the quality of releases lately have been less than average .
PorkChop

May 21st, 2008 | 20:27

75,

torrents, right. where 75% are infected, fake or just puit together in a barn.

it doesn’t matter what the d/l method is, the place you get your source what counts.
haha lol

May 21st, 2008 | 20:29

oh and @ 94 Paul- yeah ,next thing u gonna tell us is Windows Paint had u reinstall windows…
If u dont know wtf u r doing just rtfm and learn and do not speak nonsense.
Leonardo

May 21st, 2008 | 20:29

winrar 3.71? that is out for hald a year. my bet is the virus was posted on purpose.
dracks

May 21st, 2008 | 20:32

Well done for owning up and posting the fix. I only used the crack which worked superbly and will now delete the install file. I will still RLSLOG and find the info always good.
haha lol

May 21st, 2008 | 20:34

@96-sb40: exactly m8 ,this website is a nice effort to put it all together under one umbrella which i like,but the coverage is much less than ideal. Sometimes it makes me think that these guys don’t even have a proper news subscription,lol
YoKo

May 21st, 2008 | 20:45

I suggest you to check google for a string named “Vundo +cleaning”. I’ve had this trojan few months ago, and NO SuperSpyware didn’t clean it well, but you have to download a small proggie (few hundred kb’s) with name (if i remember right)vundokiller.
It was the only solution to kill this really annoying bastard.
Anyway SPYBOT-SEARCH AND DESTROY can be helpful too, also and Hi-JackThis..
Have fun with this bastard, it took me 1 day to clean it fully and i’ve downloaded it with this ratio-destroyer tool for torrents.
PS. NOD32 latest didn’t recognized it well, or clean it, and so no other AV software will, trust me, tried all!