RarExt64.dll sandbox allert

Hi,

I don’t know if you have already encountered this problem but here is what happened:
Out of the blue, when trying to open my Microsoft Word, I kept receiving a sandbox alert for this RarExt64.dll. At first i didn’t take it too serious as I hadn’t installed or downloaded anything, so I just followed the recommended instructions. Despite this, I kept getting the alert and I reached the conclusion that something was fishy. I tried googling it and I wasn’t able to find too many details about it. So I tried uninstalling it. After doing that I ended up with 2 files in my WinRAR folder: a registry key which I had no problem in deleting it and the dll that turned into a tmp file, something like “RarExt64.dll.0.tmp” which I couldn’t delete (although I did take ownership of both the .dll file and the folder). My concern is that Avast wasn’t able to detect any threat whatsoever, and that’s a problem. I managed to delete the file while running safe mode. When I restarted my computer the sandbox alert was gone. However I am still worried that maybe the files were somehow able to hide themselves somewhere and are still running undetected. Before removing the files, I also tried looking for suspicious processes that were running at that time, but my search came out empty. On the internet I have also found references to a RarExtLoader.exe causing similar problems and acting the same (topics on other forums posted by people using avast-this was undetectable for avast too).
Hope it’s not too serious and hope this post helps making avast better. I would also be very grateful is someone having any kind of information regarding this problem could shed some light in this matter. Thank you!

Monitor this topic, http://forum.avast.com/index.php?topic=79601.0.

Thanx! It seems that the guys posting on the other topic are still trying to figure it out.

Yes they are, just that there is more activity on that topic and it would keep things together. Having added your experience to it, will bump that topic up the order again.

As you say the biggest thing in your case is you uninstalled WinRAR.

http://www.threatexpert.com/files/rarextloader.exe.html

You could try the Unlocker utility http://www.filehippo.com/download_unlocker/ as it also has a few additional features to not only delete the files but stop any process that is stopping you from deleting a file.

Also try CCleaner - Temp File Cleaner, etc. and see if it finds any WinRAR stuff in the registry. It has a registry checker and that can find registry orphans. It isn’t a particularly severe registry cleaner, so it should be find and it does offer to backup its changes (I recommend you do backup and change).

Thanx again for all the help and the suggested solutions :slight_smile:

You’re welcome, let us know how it works out.