Hello, for the last few days my computer has been afflicted with a strange virus that avast does not recognize, and that I have not been able to remove manually. Researching on the internet brings up no useful information on resolving it, and only two mentions that I could find (but without solution).
What happens is that the files rrrar.exe and zzzip.exe are run in multiple instances as can be seen in the Process of the Task Manager. They take up significant ram and slow things down to a crawl. What signals this virus is the flooding of the desktop with files such as “__rar_00.797” etc.
From my searching I’ve found that rrrar.exe and zzzip.exe are related to update.exe, all found in the root windows directory. Unfortuneatly deleting these files manually does not solve the problem, and they will promptly reappear.
Has anyone run into this? SOlutions?
Help please!
Edit:
One further bit of info I can provide, is that after one deletes the files (in Safe Mode so that they aren’t loaded and undeleteable), what seems to retrigger their appearance is opening up Internet Explorer.
Thanks
1>>go to www.virustotal.com and upload the files and check if it is a malware…if any anti-vir detects it so that u can pinpoint the malware
2>>give us the full path of the malware, the OS ur using,other anti virus/anti spyware software
and add the files to the chest and mail it to the awil team so that they can include it in their detections
go to virus chest click on the “user files” ickon[in the left most column] and add the files …
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:
Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3).
Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).
It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.