Alright guys, this is my first post here. Hi, I recently reformatted after the big “false positives freakout”, and I’m just getting everything back together now. I scan everything I download with Avast, and for some odd reason, after downloading and scanning the wrar391b2.exe install file, Avast detected it as infected. Is this a false positive? I got it from the official WinRAR download page:
When I scan the folder that WinRAR installed in, Avast detects Default.SFX as a virus as well. What’s going on here? I need my WinRAR, it’s so useful. I don’t want to uninstall it.
The site wXw.rarlab.com has been downloading malcode in the past.
Last time that suspicious content was found on this site was on 2009-10-08.
Malicious software includes 3 trojans.
This site was hosted on 2 network(s) including AS15366 (DNSNET), AS14618 (AMAZON).
Has this site been hosting malware?
Yes, this site has been hosting malcode during the previous 90 days, and the malicious software has infected 2 domains, e.g. freedownloadscenter.com/, kingdownloads.com/
There is this script there: hXtp://www.rarlab.com/zyaddr.js (BBS-code)
The site seems OK at the mo.
Upload the file to Avast to see if it detects an FP.
I dug around and found that the file in question that could have been flagged is called default.sfx and contained within the wrar370.exe archive. The file flagged is in the c:\Program Files\winrar directory. The reason given for selecting this file as a(n alleged) virus was that it was infected with the Infostealer.Uprungam.B virus, once a FP. This appeared to be a FP by Symantec, so now Avast flags Default.SFX as malicious.
Did you upload the file to virustotal.com and what were the scanning results?
Is the default.sfx file needed in the c:\Program Files\winrar directory by
According to WinRAR the file is needed for self extracting archives.
Exclude the file and re-install the default.sfx file from the original wrar370.exe archive and then contact Avast,
Thanks for the reply, polonus. I never thought that website would host malicious files. I scanned the files with VirusTotal and they came up as clean. They’re gone now, I just finished a boot-time scan and decided to get rid of WinRAR altogether since Avast didn’t like it. I’ll go ahead and search for another, safer .rar extractor.
I’ve just noticed your thread and decided to take a look myself. Indeed, default.sfx is the culprit of the Malware-gen detection, but it seems as if it was a FP.