WinRAR 3.71 TrojanDownloader virus – How to remove it?
This is a slightly unusual post, but I feel it’s fair to publish it. I felt quite guilty after yesterday’s mishap with the WinRAR 3.71 post, because the rapidshare link we included in the article contained a malware script. The article was removed after we noticed this problem and I explained everything in this comment; however, it doesn’t really change the fact that some of you might have been infected with this nasty piece of software. As far as I remember, this is the very first time something like this has happened, because we always check our files and generally inform only about scene releases.
So after I realized what had happened, I thought it would be fair to know what this malware is going to do. So I knowingly launched the infected installation file from the archive and a small avalanche of security warnings from my NOD32 antivirus began. It really was a nasty piece of code, which didn’t delete files or damage your computer, but it had unpleasant side effects: various popups appearing during your work online, ad hijacking in your browser, general system slowdown and who-knows-what-else. I immediately tried to find a way to remove this garbage: Ad-Aware, Spybot, Microsoft AntiSpyware and a few other tools, which didn’t really help.
The infected files were located in C:/Windows/System32 and they had totally random filenames with the .DLL extension. None of the applications mentioned above was able to delete them, not even in Safe Mode. Kaspersky identified the virus as Win32.TrojanDownloader.Agent; other scanners knew the file under Trojan.Vundo-Variant and a few other names. After a few hours of playing with the files and automatically recreating registry entries, I finally installed a freeware application called SuperAntiSpyware, which was a quick cure to all the problems.
You just need to download the latest virus definitions, do a Smart Scan, reboot the machine and all the files should be gone. This was a surprisingly simple solution after all the hard work I tried, so if you still face some issues after yesterday, SuperAntiSpyware should solve them all pretty fast. I can recommend the application to everyone else as well, it’s actually quite good. Once again, I’m sorry for all the problems we might have caused you and hope everything will be fine and you’ll remain a loyal RLSLOG reader.
Martin

Comments (191)
happens to the best. no worries
way to own up to it guys, big of you
nice move and thanks for the steps to cure
This Helps, I Got such a damn Virus a long time ago..its Horrible, and yes these fkn .dll´s change their fkn names
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112210-3747-99
This is probably one of the safest sources, I’ve seen. We all make mistakes. Good recovery and acknowledgment.
I downloaded it but didn’t open it… though I think I accessed only the folder. I don’t have any Antivirus or AntiSpyware installed cuz I just finished reinstalling Windows. So was I infected?
I’m glad I didn’t install it then…
Seems nasty- either that, or it was a ploy to get people to download that anti-software you talked about (A conspiracy theory, I know, but this IS the internet we’re talking about here).
Hmm… that’s why I make and use portable apps on a flash drive (just have to keep it from writing to registry and putting anything in the Sys32 folder) any potential problems are stopped there, usually.
Eh… happens to everyone.
dude nice one
i didn’t download the program but i do like the way u resolve these situations thumbs up to rlslog staff
Yeah I tried to install but my AVG free edition warned it’s a virus and deleted it
I’ll still have a go with this other free thing
i was thinking about to download that winrar i saw yesterday but glad i didn’t. Speaking of it, i’m not too disapointed with my old one, which isn’t so old and i’m used to it, so no problem.
RLSLOG FTW!!!
Didn’t download this but, thumbs up for how you handled it
SUPERAntispyware is the best solution to this type of Malware, BUT it is important to make the search in SAFEMODE. Reboot into safemode, search your drive with SuperAntispyware and you should be fine.
This Vundo malware is a nasty piece of crap, really. Glad there are good programs that can get rid of them…!
BitDefender > NOD32/Kaspersky
Anyone who decides to install warez should know that getting their box infected is a possibility. By the time it makes it to p2p, you have no way of knowing if someone messed with the damned thing. Want 100% virus free app? Pay for it or go open source. Bottom line: not Martin’s fault.
Here’s an excellent open source alternative to WinRAR:
http://www.7-zip.org/
for your information winrar 3.71 is old like 3 to 5 month i dont know where did u get the info saying that been released yesterday and the version am using 3.71 doesnt need any crack or serial just install
@20, grow up
Cheers rlslog for fix
I actually downloaded the WinRAR and got the trojan. Tried a few things and said hell with it and just reformatted my system. It worked, but I lost a lot of stuff.
Serve yourselves right for not having decent ANTI VIRUS software installed in the first place.
Yes i’ve scanned right now and my kaspersky tell me that it’s a virus but lucky for me I didn’t install it yet. !! but as some one say earlier it happens to the best so don’t worry I and I think that the rest of us will still be your reader and FANS!!! greetings from Romania
Gr8 work
Martin…..keep it up
Thank you Martin! I am not affected, but very appreciate for post! Loyal to RLSLOG!
I got the virus but luckily AVG 8.0 was able to detect it and remove it before it could embed itself in my PC.
Dont worry about it.
Kaspersky detects and successfully removes all the components of the infection with the latest update (Trojan-downloader.win32.agent. )
Download the trial, update it and run a full scan:
http://www.kaspersky.com/anti-virus_trial
You may also run VundoFix to get rid of Vundo (free tool):
http://vundofix.atribune.org/
SuperAntiSpy will probably clean up any remnants if there are any:
http://www.superantispyware.com
Finally! someone talks about this, about a month ago i got infected with the release here of Swift3D 5.0, it messed my pc and lost an hour to get my system back in shape, the strange thing is that i downloaded a rapidshare link someone posted on the comments and the file was clean, is it possible that someone who posts the torrent wraps the application with this nasty worm? Hope people post more info about this situation because it can happen with any next interesting release.
Now you’re one of us, no one is perfect, but we can try to do our best, keep up the good work and thank god i dont use pirated winrar, only trials with nasty popup window “register register register” still safer anyways
Try also dr web cure it, it’s free requires no installation. And only open the warez you download in software like sandboxie, or safe space. They are free (u can register sandboxie with keygen from rlslog if u want) so don’t accuse me that i’m doing propaganda.
http://freedrweb.com/cureit/
http://www.sandboxie.com/index.php?DownloadSandboxie
http://www.artificialdynamics.com/content/products/register-personal.aspx
Nice to see you acknowledge the mistake. I think most of us will continue using the site.
good thing i just check here and don’t dl the stuff. but i also got a realtime scanner which would have warned me tho.
still a lot of respect from me for getting this public.
DUMBASSES
Agree with @1 and @2… well handled.
Oh, and you’ve just increase the solution’s download numbers 10x on your recommendation. If it can beat out the bigger players you mentioned (in this case) then I reckon I’ll be checking it out too. Already had Winrar total package so thankfully I didn’t need your link. WinRar FTW. Sorry to see Winzip get pipped after being around since almost day 1, but WinRar just is a much more capable and friendly product. I remember the days of LHA… ha.
spybot, kaspersky and spyware doctor all detected this worm/trojan but were unable to completely remove it (it came back despite being reported as cleaned). Ad-aware and ms defender didn’t detect it at all. Symantecs fixvundo just crashes. I hope SuperAntiSpyware does a better job
I once came across Vundo too.. I used a simple app called VundoBeGone. Booted in safe mode and started the app.. Followed the instructions and it was gone
thx for deleting my posts, american freedom of speech fakers
I was simply stating, that, if you buy yourself a mac or get acquainted with linux, you won’t have to deal with trojans and any of that stuff. at least for now…
So, in essence: Thanks for nothing!
should of been checked before link was posted on here….the amount of traffic that hits this place daily and u dont check a file (not even a big file would of took seconds to check)u guys should no better check before you post.. enough said
@loco
Yeah, that is what you mac fanboys think.
I have some nasty crap in my collection ESPECIALLY for OSX and it will screw your mac just as well as any pc so don’t feel too smug with your “bulletproof” mac…
should have uploaded to mediafire instead of rapidshare no but wait i bet you want all these rapidshare points…. mediafire scans the file for viruses then uploads it.. lol
@33, loco-
Don’t bother posting that Mac stuff here, please. It’s just flame-bait if you do.
Fact: 75% of people aren’t tech savvy enough to run Linux, and most of them don’t have the kind of funds it takes to go Mac. That’s why (gagging as I say it) Dell is so popular.
I’ll stick with my quad-boot combo box:: WinXP/Vista/Ubuntu/OS X tiger
it works- most of the time
Thanx Martin i was about to wipe it clean, =] You’re forgiven!
sh!t i downloaded this and left it on my hardrive ready for the next time i reinstall xp. winrar is 1 of the first things i install after a format.
even if everythings is not fine i dont see any1 else has a choice although clone sites have started still u guys are pretty good with your work and will easily get away with this mishap as the goodwill in your balance sheet is quite good at the moment
no worries
and yea i did’nt download the app so thats i why i’m being nice heheh
“We all make mistakes”…
That is of course no excuse, this was a very bad thing. It was stupid and should not have happened. Still, kudos to Martin for giving us some grade-A customer support! I’ll be very careful when downloading things from rlslog though…
OR is this just a very clever add for “SuperAntiSpyware”??? Make you wonder doesn’t it…
I usually have the habit of scanning everything I DL, now the one time I didn’t scan it contains a virus! Talk about bad luck. But np, did a scan with BitDefender, it found it, and fixed it, problem solved.
@Martin: Thanx for the post, I prob wouldn’t have noticed the virus until the next scan if it wasn’t for this post
(And for you peeps wondering why BitDefender didn’t catch it during DL or installation: I messed around yesterday and accidentally disabled some BitDefender services :-S)
Greets
Here is the “SuperAntiSpyware” newest version with crack for LIFETIME…. Enjoy
http://rapidshare.com/files/116554784/SUPER.A5.PRO.1046.rar
that dudes an idiot rarring is 30 % more efficient than .zip!
HELP!!!!
I Idiot Testes if the Virus is in the Setup.exe….AHHHH
http://picfront.org/d/D5aCGT8u94L/screeny0002.jpg
lol. how many posts have been deleted?? 17 talks about 20 growing up.
@34 and 36 unless martin was the one that ul to rs, can’t expect him to check all, although this does make martin more a kn0b than his usual irrelevant to the scene tech news.
lol. bet this gets deleted.
@5. moron. why you downloading before installing any av or anything. lol. n00b idtent
I’ve been using superantispyware for a while, its a nice bit of freeware to complement your standard av software. I already had winrar 3.71 which works perfectly months ago, so last nights post showing the same thing made me suspicious, then I read the comments! It happens, its one of the risks when trying to get “free” stuff
naab again then. NAAB
Damn this Superscanner hadnt worked!!!
Help me, thousands of processes are connecting somewhere and
Email Spam began, my Internet is sooooooo slowly, damn help me!!!
Error Messages from Generic Host Processes win32 come and go….DAMN!!!
I Need Really Help. 600 Online Services Run, svchost, and 3 .exe programs named “d”, “egvkwjvt” and “tnqorx” are placed at C:/
Email Spam comes if i go Online
Someone can help per ICQ?
433533089
THANK YOU!
Curse when u are running the scans, disable system restore, and reboot the PC, and press F8 to scan in safe mode. Anyway consider making a back up and do a reinstall. It’s only 30 minutes and probably it’s the best thing if the infection spread.
good i was busy yesterday, that i never installed it lol, and good that i check this site every day for updates.
something fishy going on here
1.why post it in first place (not a new version)
2.why keep it on site for as long as u guys did
3.and with the scene hating you guys as much as they do even though not scene rls u still should of scanned before upload its common sense
so sorry guys but i will not be usin this site no more and by the looks of things it wont just be me
@50 best thing is just format i rekon sorry to say m8 i do feel for ya m8 as everyone else does
mistakes do happen but this could of been prevented……..
rlslog guys before u delete this thread why have a comment section when u delete comments that affend u (freedom of speach) yeah whatever
peace out
Your Files ?¿!
Nice one for owning up and finding a way to fix it.
Damn huge loss. lickit has left.
you m0f0 f-u.ck3d m3 0v4r!!
wt–f????
i w4nt you to go and di3 iN H3LL!!!
smitfraud?
This release is better WinRAR.v3.71-YAG
There is something wrong here that i wouldn’t want to make a big deal about it, even if others who made comments post about this. Winrar 3.71 is from september 2007. 8 months ago. You can get hundreds of them from p2p sites. Many are infected but if u know your way around you can get one easily. I have one precracked. I’m sure martin also had 3.71 as many of us and still he presented this as a new release?? A mistake. Probably, but a big one and not scanning it was another one even bigger than the 1st.
Have to say, I have always used “Spyware Doctor” but this program, “SuperAntiSpyware” is awesome. I am now dropping “Spyware Doctor” for this.
Thanks.
Jim
@am3n, “you m0f0 f-u.ck3d m3 0v4r!!”
Learn to read, write, and get a damn antivirus.
The only l33t talk you’re allowed to use from now on is “Ima #*&$@n’, #*&$@n’ n00b!” You’re that embarrassing.
Nasty one, it is.. I spent all day long at work today trying to get rid of this on my home computer (via Remote Desktop, and I did not dare to try and reboot in safe mode in case I could not use Remote Desktop again).
I used the following tools to remove it (in this order or so):
Task manager – to kill rundll32.exe and other strange processes
Security Task Manager – to unload/delete loaded/injected DLLs (some could not be removed though)
(probably not needed) Unlocker – To unlock (and rename) some DLLs already in use.. Worked after a few times.. But programs will start crashing and in the end all DLLs could not be unlocked/removed after all
Sophos Anti-Rootkit – Oh my this did wonders! It was indeed a rootkit (C:\WINDOWS\system32\drivers\qandr.sys) (which locked and hid the other DLLs) installed and this one removed it.
Security Task Manager – yay, this time I could unload/remove everything
Went to %SystemRoot%\system32, viewed a detailed list of the files, sorted by date, deleted all strange exe/dll files modified at the time (or later) I ran the WinRAR “install” exe.
I think (I don’t remember the right path) c:\d.exe was also created by this nasty thing.
Something like this. Oh yeah, and you may somehow be unable to unload certain DLLs (I had one) with Security Task Manager if it’s unregistered.. A license key worked (from serials[dot]com.. Or, wait.. It seemed to be registered but it complained when I wanted to remove the DLL :S Strange.. Must be a bug? But I managed to “fix” it my way anyways (hehe). But you should buy it of course ]:-)
Maybe there are easier methods but if you somehow couldn’t get the guide provided by rlslog working, you could give this a try.
#44 are you stupid? Or can’t you read.
“freeware application called SuperAntiSpyware”
Good thing that I didn’t install it.
I had this version on my computer (3.71) and I wanted to crack it, but the .reg file didn’t work at all…
THANK GOD!!!
I Did get the trojan was not any danger in it i use avast virus program it did take care of it so any of you guys have problem get avast antivirus program its fix the file just a tip
end to the reslog the virus end codes can get past the best dont worry love you work end i alwas share what i leetche
I have to say, i’ve been using superantispyware for some time now and it seems to actually WORK. Trust me I have tried several different kinds of anti-this-n-that programs which very rarely work. Plus you actually get technical support from their forum I highly recommend this program.
i now use spybot, put the spybot sd resident on when you reboot, and it sees every registry change, and ask you what to do.
So do you uninstall winrar?
I caught a vundo trojan a month ago and i couldnt lose it, not even with superantispyware. ultimately i was forced to reformatting my hdd. since then i scan all my downloads before activating/unpacking. there are several vundo variants so perhaps this one is not irremovable like the one i had. good luck with it.
Had Vundo already, took ages, tried everything, but running AVG Free Edition “in Safe mode” cleaned it all up and was running tick-boo in no time.
Didn’t down the WinRAR, thank god, don’t need that one again! I really like the way you guys stand up and face these issues, top form. As others have said, it happens to the best of us, but most just hide or point fingers at others instead.
I’m using Superantispyware for some time now great app! I told you guys the best thing to do is to disable System Restore and boot in safe mode and only then disinfect your PC!
BTW: The time is important! here If the virus has time to do enough damage than nothing will fix you computer! So remove it ASAP or else format and reinstall everything! LOL!
Razvane sa imi bag pula in mata.E ok?You can delete my comment a simple response to the spammer above me.
that why dont download RS links
TORRENT rules
What about doing a “System Restore” I find this can save time in removing malware if it is caught early enough? I dont feel like I want to purposefully infect my self or a VM with this to try it, but wanted to pose the question. Thanks for doing the right thing, admission of wrong goes a long way in the public eye.
lickit – “(freedom of speach) yeah whatever”
Yeah whatever, now go and learn your Constitutional rights. You have no guarantee of free speech on a private forum, what a tool, you don’t even understand your own rights and yet you whine about them being infringed upon?
since we’re on it, another application that you guys posted here a while, blazeHDTV, had a trojan too… :\ and.. of course, it played everything except HDTD lol.
i got fired because i installed this at work
Hah, good old vundo! And nobody can do anything about it! It’s sometime that I know this nasty stuff, so far as I know, none of the current antiviruses can delete it cause it adds itself to winlogon.exe and by killing that process, you just have 5 seconds before getting a blue screen! The remover is also outdated and can’t remove the latest versions. I even got a version that could not be detected by any of the antiviruses in virustotal.com! Ok, to give some useful information, it’s so easy to find the dlls, just look for dlls in system 32 with an exact size of 37888 bytes. If you have more than two, and the crc checksum of the files is the same, then it’s vundo. The best thing you can do is to kill winlogon.exe and explorer.exe with an unlocker and remove the dlls with cmd before getting the blue screen!
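Added example, not part of the comment above or of the original post: a read-only Python script for the two triage checks commenters describe, namely executables changed since the installer ran and several same-size DLLs sharing one checksum. The 37888-byte figure is the commenter's and unverified here; the function names are this example's own, and a SHA-256 is computed next to the CRC because CRC-32 alone can collide.

```python
"""Read-only triage of one directory for look-alike DLLs (added example)."""
import hashlib
import os
import sys
import zlib
from collections import defaultdict
from datetime import datetime

SUSPECT_SIZE = 37888  # bytes; quoted in the comment above, not verified here


def fingerprint(path, chunk=1 << 16):
    """Return (crc32, sha256_hex) of a file, reading it once in chunks."""
    crc, sha = 0, hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            crc = zlib.crc32(block, crc)
            sha.update(block)
    return crc & 0xFFFFFFFF, sha.hexdigest()


def scan(directory, extensions=(".dll", ".exe")):
    """List matching files in one directory (no recursion, nothing modified).

    Files that cannot be opened (for example locked by another process) stay
    in the result with crc32/sha256 set to None so they remain visible.
    """
    records = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            if not entry.name.lower().endswith(extensions):
                continue
            st = entry.stat(follow_symlinks=False)
            try:
                crc, sha = fingerprint(entry.path)
            except OSError:
                crc, sha = None, None
            records.append({"path": entry.path, "size": st.st_size,
                            "mtime": st.st_mtime, "crc32": crc, "sha256": sha})
    return sorted(records, key=lambda r: r["path"])


def identical_groups(records, size=None, min_copies=3):
    """Group files with the same size and CRC-32, confirmed by SHA-256.

    min_copies=3 mirrors "more than two" in the comment; size=None checks
    every file size instead of a single quoted value.
    """
    groups = defaultdict(list)
    for r in records:
        if r["crc32"] is None or (size is not None and r["size"] != size):
            continue
        groups[(r["size"], r["crc32"], r["sha256"])].append(r["path"])
    return {k: v for k, v in groups.items() if len(v) >= min_copies}


def modified_since(records, cutoff):
    """Paths whose modification time is at or after `cutoff` (a datetime)."""
    ts = cutoff.timestamp()
    return [r["path"] for r in records if r["mtime"] >= ts]


if __name__ == "__main__":
    # Usage: python triage.py <directory> [YYYY-MM-DDTHH:MM]
    recs = scan(sys.argv[1])
    for (size, crc, sha), paths in identical_groups(recs, SUSPECT_SIZE).items():
        print(f"{len(paths)} identical files, {size} bytes, "
              f"crc32={crc:08x}, sha256={sha}")
        for p in paths:
            print("   ", p)
    for r in recs:
        if r["crc32"] is None:
            print("unreadable (locked?):", r["path"])
    if len(sys.argv) > 2:
        cutoff = datetime.fromisoformat(sys.argv[2])
        for p in modified_since(recs, cutoff):
            print("modified since cutoff:", p)
```

Modification times can be altered and a rootkit can hide files from the running system, so a clean result from a live machine proves little; the same script pointed at the disk mounted on a known-clean system is the more reliable check.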
Very mature response to the mistake. Thanks. Also – a good forum should have members spotting these incidents. It was spotted = rlslog.net is a great site.
Ummmm… was this whole thing just an ad for Superantispyware?
It was very courageous and mature to own up to the mistake, but people and mistakes, its only human, forgive and forget.
I myself, didn’t download the WinRar program, but I did download the spyware program you supplied in this topic and I just wanted to thank you for it, because it helped me find this pesky virus that was hiding in my system.
So without further ado, Thank You!
Hmmmmm… http://www.superantispyware.com/reseller.html
In my case a software by Malwarebytes called Anti-Malware helped me otherwise I was tempted to reinstall my OS which would have been a major pain. The virus which was a mix of Vundo and a trojan according to the anti malware is gone for good now folks.
It’s pretty obvious that this was done purposely. The fact is rlslog has changed so much over the past year, i.e. posting games and other warez crap. It should not be a surprise then if they share spyware – then call it an “accident.”
It’s laughable that some of you are giving “props” to people who want to F**K up your computer. Is it possible it was an accident? Of course. But it’s incredibly unlikely. You have to be “new” to the internet and be of the age of 12 to share something like this – without any form of scanning and/or research. Like someone else said – it’s common sense.
And hello, why share an old rls? Come on, if that isn’t a red flag for all of you, then I don’t know what is…
Like many others here, I have put up with the changes overtime: warez crap, the lack of decent writers who actually know what they are talking about, and the slowness of reporting the latest rls’. Mostly we get crappy games and movie rls of “B” grade movies no one cares about. And to top it off, warez with spyware.
I hope others will see this as a time to move on as well. It’s a shame that this place has gone downhill so rapidly. But there are still many supporters who Im sure will try and keep their faith here. Good luck.
wouldn’t it be ironic if superAntispyware also contain some form for virus or spyware in it….
…anyway…It won’t since that’s a nice proggy…glad I didn’t download it as I already have winrar and I don’t really see the point in updating it to the latest version….unless major features are added….
Lol @84 .i don’t think we can draw this conclusions,even if Martin made a mistake.The free version has the same removal capabilities as the paid one.
Lol@irony.
SUPERAntiSpyware Professional Edition fix only direct download link .. http://www.hotlinkfiles.com/files/1354068_erqnl/Fix.rar
The Vundo got this oldgoomer a couple of weeks ago. The superantispy,vundofix,fixvundo,spybot,trojan remover didn’t work for me at all.DLed StopZilla..ran it thru & wound up super clean. I now keep it running in the background & do a full sys. check while I sleep every night.
It was originally put out as a pop up stopper…now has Built into today’s form.
If you can find StopZilla 3.1.0.7 it will build to the current form with spyware protection.
Give it a go when all else fails.
-oldgoomer-
this week aint the best rlslog ever had
i just got vundo but not from winrar, i got it from an adobe app. my antivirus was able to quarantine it but not clean/purge it. am i in danger if its in quarantine?
i downloaded winrar ages ago and had loads of problems so i had to reinstall windows so i use winzip 11 its got rar extensions in there so don’t download winrar.
@1 – NO, it doesnt happen even to the best. And rar 3.71 is been in my pc for at least 6 months or so. Maybe this is a new build but wtf ? There’s been so much important soft thats been rlsd but not covered from u ,that makes it ridiculous to report every other rar build . Pff…..
have to agree .. rlslog isnt doing that great for new software atm . i could post atleast 5 new DECENT apps everyday .. lets be honest the quality of releases lately have been less than average .
75,
torrents, right. where 75% are infected, fake or just put together in a barn.
it doesn’t matter what the d/l method is, the place you get your source what counts.
oh and @ 94 Paul- yeah ,next thing u gonna tell us is Windows Paint had u reinstall windows…
If u dont know wtf u r doing just rtfm and learn and do not speak nonsense.
winrar 3.71? that is out for half a year. my bet is the virus was posted on purpose.
Well done for owning up and posting the fix. I only used the crack which worked superbly and will now delete the install file. I will still RLSLOG and find the info always good.
@96-sb40: exactly m8 ,this website is a nice effort to put it all together under one umbrella which i like,but the coverage is much less than ideal. Sometimes it makes me think that these guys don’t even have a proper news subscription,lol
All is well at RLSLOG. Back to work people.
Martin did it for the LULZ… lol… and yeah memory resident malware sucks.
Anyone ever heard of sandboxie!? Bunch of noobs
And a day later, NOD still doesn’t detect the virus dropper….
http://www.virustotal.com/analisis/1222f06e4fb587517ac26f17810c1bc3
Conclusion: Kaspersky>NOD32
…or you could just use 7-zip and not bother with shady cracks.
Three small apps that should remove Virtumonde from your system. If one doesn’t work try another.
http://rapidshare.com/files/116602015/Virtumonde_Stuff.7z.html
my comp blew up… my isp got pissed… no worries… was time to reinstall…
Bob if it doesn’t detect it at virus total doesn’t mean that it won’t detect it on your pc.It happens many times that my av(avira premium) shows clean at VT and when i run the file the guard detects it.
Close call for me. I was tempted to grab this as I’m using 7 zip atm. The last 2 winrar’s I have dloaded had viruses in them and this is no exception! Be very wary people and use jotti for everything you dload! Way to own up to it too rlslog, still one of my fav sites.
Just fyi, 7 zip is a good FREE alternative to winrar.
Sounds like the type of virus that came with Assassins Creed. That was a proper **** to get rid of. it was called Smitfraud-C. I had to do a complete reformat in the end. remember its only about 3hours work to reformat and reinstall windows. Rather than using fixes that don’t work properly.
I must very recommend this SuperAntiSpyware too. It really a tricky piece of code
.
Had to reinstall my PC – In the end it slowed my PC down to a halt and wouldnt boot the start menu. also disables system restore
Had to reinstall windows. I just got up. Thanks for the apology. This stuff happens from time to time.
why were you posting this as a scene release anyway? I have been using 3.71 for month now so it’s hardly a new release.
Seemed a bit weird to me from the time I first saw it here.
Thumbs up guys. Didn’t download, but i admire the way you dealt with it.
Keep up the good work. I think i speak for everyone when i say “all your hard work is appreciated”.
Seamus
Thanks for the tutorial Martin.Duly noted
There’s enough arseholes in he world already.
Here’s the FULL patched version. It includes on access scan, which the free version does not. It updates just fine.
http://rapidshare.com/files/96300652/SUPERAntiSpyware.Professional.v4.0.0.1154.Incl.Patch-rESin.zip
you dropped the ball, i cant trust anything from this site anymore till the end of time
No malware has ever made me reformat a drive.
I don’t know whether some of you are just terminally lazy or chronically dumb but even the harshest of rookits can be removed with a little patience.
A full format and reinstall because of Vundo!!! LMAO
That’s not to say my system never has problems, yesterday a powercut threw my raid array totally out of whack. That was fixed in about ten minutes thanks to Acronis bootloader and a disk image on an external drive.
Acronis True Image, been posted here a lot along with it’s many alternatives, some of you should try it.
Use 7zip too!
Get winrar and other simple appz from Edskes http://mirror.edskes.net/
Give a try also at the “Hitman Pro” antispyware bundle tool. It really saved my computer too many times to count…
I had AVG Free installed on Vista Ultimate SP1 and it would not even let me execute the install.. totally locked me out of the file, which pissed me off because I assumed it was a false positive, because I KNOW you guys are careful about scanning your releases.. Anyways, I just added the keyfile into my old WinRAR 3.70 folder, and it worked fine.. The nag screen was annoying me. Good to see you guys fessing up to the mistake though, and giving a way out to the unlucky few who got hit with the crap.
I lost two computers to that virus, that suxed
Also try VirusandMalwareAsskickingXtreme. That totally works for everything.
I never download any programs from this site.
Guys Try Spyware Terminator, Its what i use and I have had no probs since install ( ive had it for a year ) It is FREE,
Spyware and virus scanner in one.
Not sure about fully getting rid of it, but all I did was remove winrar, delete the .exe’s from my c drive, run spybot with the latest definitions, and it stopped my problems.
What the script did, however, was crashed explorer.exe in a continuous loop, hijacked iexplore.exe, changed the default browser to iexplore.exe, and ran d.exe and imapi.exe for no good damn reason.
I’m gonna dl this program, and I’ll report back, but I think I got it all.
SUPERAntiSpyware PRO4.1.1046 with life time subscription
http://www.filefactory.com/file/50755e
or
http://www.megaupload.com/?d=C8TYXVT2
Martin i did what u said but it’s still there what can i do!!!!!
To all the people that are flaming/are not forgiving, you are clearly big-ass leechers. If you let this one incident make you hate RLSLOG, then by all means. I’m pretty sure RLSLOG dont NEED you, in fact, you NEED them..so stop complaining.
Since this is about WinRAR, can i ask what the difference between a full version and a trial version? I’ve always just used the trial one from rarlabs with no problems..
Guys Try Spyware Terminator, Its what i use and I have had no probs since install ( ive had it for a year ) It is FREE and fully functional,Spyware and virus scanner in one.Also runs in realtime as a shield.
http://www.spywareterminator.com
sorry for repost but thought the link would be useful
ddxsamx me too
TROJAN, OR JUST LAMME TRY FOR STRO4S
Everybody was trying to warn people about the virus, but the staff said all keygens are picked up as viruses????? I dont think there is any excuse for this kind of post, but what do I know. And yes, since you are posting to the masses why not do a 10 second virus check!
The Vundo Virus or whatever it is got me a few weeks back. It didn’t come from this WinRAR file. It came from something else I downloaded. I used Spy Bot Search and Destroy. Poor Norton couldn’t help me out.
aye its us that pay your wage at the end of the day .. not the first virus from software on this site either & uv had viruses in your ads .. tut tut.. however as has been said is a easy mistake to make especially when AV’s aint picking it up, im just glad i never d/l software from here xD
I haven’t been infected with it myself, but I have read about a lot of people having good results by running spyware doctor in safe mode 2-3 times.
Might be worth a try.
I’m not sure if I’ve been infected with it. My pee pee burns when I urinate though. Do you think I’m infected?
yes, with syphilis.
“SuperAntiSpyware should solve them all pretty fast. I can recommend the application to everyone else as well, it’s actually quite good.” lol.. whatever you do, dont give us a link to it
j/k
You morons know youre being scammed right. He infected you on purpose and now you can buy his antivirus.
whenever i run anything from control panel i get a rundll32.exe error because of that stupid virus, i downloaded super antivspyware and i’ve removed the torjan…. so how do i fix those side effects?
…. can someone help me
@132 ddxsamx and the rest: rlslog staff posting links with virus is UNACCEPTABLE! get it? we need rlslog? there’s listings of 0day and iso rls on all platforms b4 even rlslog staff was born. WTF are u guys on? the fact that we give em a chance to get hits on their website is because of them trying to put it all together in an informative fashion rather than just a list. But then again it’s not hard to see a name in a list u don’t know, e.g. fruityloops, and google it to find out if this rls is good for u or not. It’s what we’ve been doing for a dozen yrs now. And since the way is well known for those who r into this thing yrs now, rlslog staff HAS to be prudent and double check the links they give out. And NO, I DO NOT dl from torrent sites unless it’s a friend sharing something remotely but then again I’d prefer a private ftp. So spare us the excuse blahblah readers, go get educated and to the staff try not funk up anymore.
why update winrar if it already works? silly of all those that bothered to update a stable program.
yes, sure you can update different programs but this is well silly to update constantly as works fine as is..
“if it aint broke dont fix it”
whats good about this post is that a new good anti spyware prog has been found.
I don’t mean to be a douche, but this has happened a couple times before without acknowledgment.
http://www.rlslog.net/lavasoft-ad-aware-2007-professional-edition-v7013-dvt/
i downloaded program, installed got virus
:(:(
and i cant remove it with that
i think i will format pc
i hope you guys scan things before posting…
from superantispyware website – “RESELLERS earn 30%-50% on every sale”
i wonder how much REFERRERS earn on every sale.
so, what do you do if you got this problem…but it removed safe mode? i still work in normal mode fine but when i try and boot with safe mode it gets stuck at mup.sys then reboots and tries again. wish i would have caught these comments when i had access to safe mode ugh.
I think I will open a lawsuit against you for this.
this SuperAntiSpyware uses 100% of my CPU, it sucks
WTF??? This version been around since September 2007! Why even bother? Ppl should have been cautious when somebody posts a news that is not a news at all…
This whole ordeal is unfortunate but not totally unexpected. I just wanted to make a few remarks..
To the people that are saying this is some sort of conspiracy on the part of rlslog staff: paranoid much?
To those of you up in arms saying “oh this is unacceptable!” or “how could you let this happen?” keep this in mind: hindsight is 20/20. Of course they should scan the release before posting, I’m sure they have some system in place (at least they should), but remember no one is perfect. It’s clear that more than a couple “big name” virus scanners have missed this virus, so give rlslog staff the benefit of the doubt.
And finally, to those of you saying they are leaving and never coming back: don’t let the door hit you in the ass on the way out!
@44 thanks for the link, Works great
I have finally got this thing off my laptop
if you are looking for the program to get rid of it, I went online to Trend Micro and used HouseCall, all done online and takes about 1hr or so to do. Martin, all’s good here and next time will scan DL before installing lol. I guess we all got some blame here because no one scanned it
blame yourselves, why download something and not check its safe in the first place?
When you download hacked and cracked stuff from the Internet, you have to learn to take responsibility for your own actions (don’t blame others for your own stupidity).
Some of you should really familiarize yourself with a few good apps that have already been mentioned here. The first two are free, and the 3rd one is free if you know where to look
http://sandboxie.com/
http://www.spywareterminator.com/
http://www.acronis.com/homecomputing/products/trueimage/
And here are few more links you should have in your bookmarks.
http://techsupportalert.com/dr/how-to-secure-your-pc.php
http://techsupportalert.com/dr/security
http://virusscan.jotti.org/
http://www.virustotal.com/
http://secunia.com/software_inspector/
Martin – this is messed up!!!
I dl antispyware next day and it deleted loads of vundo stuff from my laptop but when I do another scan after rebooting it detects the same virus again in the memory, registry and file items. Then late in the night I got the blue screen. I feel like I’ve been caught with my pants down and the worst thing is I’m in the middle of the desert, working in Saudi Arabia and my computer is my life line to the world and I didn’t bring any windows installation discs.
Any help would be much appreciated
First of all… why was this program being posted in the first place????
I have had this EXACT same version since SEPTEMBER 2007!!!
Not a smart post at all!!!!!!!
@161 Anthony, does your laptop have a recovery or restore partition? Google your laptop brand, along with keywords like, boot, recovery partition, restore partition.
all restore points have been deleted and google has stopped searching, also blocked out of few other sites too like googlemail and facebook. Still managed to stream the champions league final in russian though, thanks to TVU Player – Rock on UTD!!!
has anyone tried Yoko’s @102 solution – vundo killer?
We still need help. Went into safe mode, deleted everything, SUPERantispyware says I’m ok… good, but I can’t google!!!
like 164 said, also there are other sites blocked, and I think that these sites include google.ads.
I wish RAR files would go away, just like ACE files eventually did. 7-Zip is open source, which means free, and IMHO better overall.
Thankfully I don’t use WinRAR since there are better solutions out there for decompressing files, plus I don’t compress to RAR. Hell, even the free command-line RAR decompressor is better than being forced to use WinRAR lol.
FWIW, I use AVG Free and always test questionable apps using a virtual PC (Virtual Box is free and works great) along with SysInternals software (also free). Sandboxie is good too, particularly for running keygens.
If you use pirated software and don’t take precautions, you deserve the consequences. Don’t blame Martin for your dumb lifestyle choices.
why does antispyware detect the same virus after quarantining and deleting? Is the thing replicating itself?
lol… cant even google for “vundokiller”
xD First time I forgot to check something like this…
well I hope someone comes with an answer… o0 3 searchers block me… uh…
I use and recommend XoftSpySE Anti-Spyware, fast scanning and finds what most anti virus software missed.
XoftSpySE v4.33 Cracked
BitRoad:
http://bitroad.net/download/399a47113017/XoftSpySE-4.33-Cracked.rar.html
Heh when you mentioned, “Ad-Aware, Spybot, Microsoft AntiSpyware & few other tools which didn’t really help.”, was thinking to self SAS not that junk (just as i refer to peeps using Norton/Symantec, garbage-soft its called), then i see you use it, good for you. SAS is top now & has been for awhile. what i use with Avast Pro & dump windows defender as its a useless process & just takes up resources. those two & you should be gtg for most baddies out there.
I tried it all, even Kaspersky didn’t detect any of the .dll files even though I knew they were infected. I installed Avast antivirus free and those files were detected right away. I did a boot time scan and removed all the files.
Superantispyware has been my first choice professionally for a while now. It just works.
man that Vundo is a real mofo eh guys?
Seen Martins new trick??
He’s spamming for watch sales now. Check out his latest ad…
There is something dodgy going on.
If you had writers on here that actually knew a little about the “scene” then they wouldn’t have posted such an old application that had been out months with a fully working crack. If they didn’t know that WinRAR 3.71 had been out for ages then they shouldn’t be posting on here full stop.
This is a paid Advertisement
What a way to deliver it.
Sorry rlslog but I have used this site for as long as I can remember and such a slip up is not that bad from time to time, but this virus “Vundo” has trashed my system32 files and I have permanent problems, even after using my own anti-ware programs and the one you recommend I still have damage, this has shattered a lot of my faith in you guys in terms of reliability. Hope this doesn’t happen again
yep, vundo… its a bad mofo. guess i’m gonna have to start scanning everything from here now. its a bad bad day for rlslog. for shame.
Luckily I saw this before installing the file! Was the RS link and the torrent infected or just the RS one?
I caught a bad trojan earlier this year and got help from the Castle Cops team. It’s a forum that allows you to post a HiJackThis log and the guys tell you what to remove to fix your system. Also use Ad-Aware 2007, AVG, CCleaner, Malwarebytes’ Anti-Malware, Spybot – Search & Destroy and TrojanHunter to remove any debris left over.
You should also install Comodo’s “BO Clean”. This program runs in the background and stops dodgy software from executing on your PC from startup. I installed this whilst I was infected and was able to use my PC (relatively) normally then I was able to run scans without the PC slowing to a complete stop and also use the web without virus related popups. I used this until I removed the virus but have (obviously) decided to stick with it!
Hope that helps!
Martin, the WinRAR post must be your worst one, but it’s OK because you made an apology + description of the virus.
Seriously, this virus was a pain in the ass, took me 4 hours + 1 hour to get the last bit away. Last hour because my Norton didn’t want to put on the phishing protection.
Well I’ve got to thank #64 Jackie who made a little program guide, really worked, except the phishing protection which worked after some manual updates and options changes in IE (which I never use, weird).
Thanks a lot!
Btw. you find 2 .exe + 1 .sys in C:\Documents and Settings\User\Local Options\Temp take those away with Security Task Manager and Sophos Anti-Rootkit.
Soooo, PC is Formatted -.-, after Reinstall SPYWARE DOCTOR Found 2 Backdoors in the registry <<<-AFTER FORMAT
SuperAntiSpyware and Sophos rootkit are not working for me. I noticed that there were 3 processes running with the name “run32.dll”. I terminated them and now I can google…
I don’t have the cure but at least I have a patch…
Entire post seems like an advertisement. WinRAR 3.71 has been out for ages, there was no reason whatsoever to post it. Reseller….
RLSLOG sold us out. Simple. Do the math. Since when is a 6 month old release “latest?”
Advertising with a twist?
Yah i ran this in Sandboxie and it tore through it and owned my computer, this was right after i reformatted, winrar is the first install for me and i had to go right back and reformat…didn’t get the file here though..some torrent.
I’m sorry to say but this really messed up my computer and i’m trying to fix. I can’t access my “c” drive or display properties, i have run the advised program but it has not fixed the problem.
Please help
Brandon
yea i got this nasty virus and i hope this works to fix the problem
THANKS ALOT IT WORKED I RAN THE SCAN THEN RESTARTED MY PC THEN DELETED THE ITEM THANKS AND GOOD FOR YOU FOR POSTING THIS HOLLA