virus dans winrar arabic version

Enter here Newsflash warning WinRar to use the Arabic language
A picture of the program

http://www.ar-tr.com/uploaded/uploading/winrar6.gif

Arabic version of the company from infected Discovered Kaspersky

http://img203.imageshack.us/img203/9872/sshot1d.png

Sits on VirusTotal

5/41
http://www.virustotal.com/analisis/5ffd47f50775c2cef712f90fd97342f516315baf555c7790eaad487e7085429d-1273152057

site web Company winrar

www.rarlab.com

hi,

don’t post in yellow it’s impossible to read ;D

@Logos…naaaa…you just bend way out to one side… ;D

just for fun i downloaded the following version and scanned on VirusTotal 32bit Bulgarian / Norwegian / Chinese
all came up CLEAN…so this Arabic version looks to be infected

Anubis Analysis Report
http://anubis.iseclab.org/?action=result&task_id=145cae427390a8aa4fd18411293cc75c5&format=html

doesn’t work here, I can’t read :cry: ;D >>> could be a side effect of that malware ???

I’ll translate the first post to a normal language :-
I post a warning that popped up while using Arabic version of WinRar
A picture of the program itself:

The virus originally was found by Kaspersky, picture of the warning:

VirusTotal results:

WinRar's company site:

Just highlight whatever the dude wrote with your mouse or touchpad or whatever. Sheesh.

By the way, normally winrar doesn’t have any file named “wrar393a.exe”

thus, its not related to winrar. although it might be some crack for winrar(infected with trojan ;))

Halio Altarir,

This is the virustotal result for that particular executable: http://www.virustotal.com/analisis/5ffd47f50775c2cef712f90fd97342f516315baf555c7790eaad487e7085429d-1273152057
Malware from a fake torrent download site for Winrar + Keygen:
htxp://wXw.torrentz.com/a9f4be7f3a8c812cf23889a8c56a0690a552447c

polonus

I think who translate the program is the person who put the trojan"so i dont enter arabic websites",and i think also that 7-ZIP is better and anyway is an open source

Altarir is not Halio, whatever that is.

7-Zip is totally awesome, agreed, however PeaZip is also worth a shot :slight_smile:

Confirmed by Norman the detection is good - Refroso.AB

I sent this to Microsoft, They say this is not malware.

Well i sendt it to avast and MBAM yesterday (5 post before you Marc :wink: ) so wonder what conclusion they will have ???

just scanned with MBAM and not detected yet…soooo…maybe tomorrow…

I sent it to MBAM also (Sorry I didn’t see you had already sent it) So they should be able to do a double take. ;D ;D

ThreatExpert - infected
http://www.threatexpert.com/report.aspx?md5=c67d415e114eb1efbfbd4450a2b14f39

Hi Pondus,

Did you see this inside the malware description?
CLSID{“B41DB860-8EE4-11D2-9906-E49FADC173CA”}
= a malicious CLSID, that the malware you linked to shares with a.o. W32/Sality.gen.e [McAfee] ; Mal/Sality-D [Sophos] ; Virus:Win32/Sality.AT [Microsoft] worms etc. re:, also: http://www.bleepingcomputer.com/forums/lofiversion/index.php/t269541.html
apparently a malicious Winrar plug-in: http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=168299

polonus

The story continues…

New mail from Norman the detection was a False Positive so the file is CLEAN
and Avira say CLEAN

end thats the end of that…maybe… ;D

[size=10pt][b]McAfee classified the program WinRAR latest version of Trojan-infected can infect the system and crashing to the McAfee report sent to the company producing the program for this injury caused by this program for equipment users in the Arab world

Thank you[/b][/size] :smiley:

???

What Happened About This Software Winrar v393 Arabic ???

??? ??? ???