
View Full Version : Trojan Horse Agent ZCJ


tom_manchester
July 30th, 2008, 05:37 AM
Just downloaded WinRAR 3.80 beta 3 from filehippo.com, and AVG has just done a scan to say that it's infected with the above trojan. No mention of said trojan anywhere else on the net. Is AVG right, should I be worried, or is this just bullshit?

Cheers

Tom

HelenaP
July 30th, 2008, 05:51 AM
Perhaps download and run this-
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

I'm still looking for something else thaT MIGHT be useful.

Sorry bout the caps. Haven't had my coffee yet.

Edit: Not sure where you were looking in the Internet, but I am seeing all sorts of results.

tom_manchester
July 30th, 2008, 06:02 AM
Thanks, will give that a go.

By the way, isn't it like before 6am where you are? What the hell are you doing up at this time? It's past 2pm for me!

HelenaP
July 30th, 2008, 06:08 AM
No, it's 8:00 right now.

I am going to keep looking (because this stuff is interesting), but have an appointment (maybe one of the awesome, knowledgeable dudes will show up), so am about to leave.

Are you positive it's ZCJ and not CCJ or BCJ?

tom_manchester
July 30th, 2008, 06:15 AM
Definitely ZCJ. It's in my AVG virus vault at the moment.

HelenaP
July 30th, 2008, 06:15 AM
You might also dl HJT-
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

and post your results here.

You could also go through the steps laid out by Castle Cops-

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview

Definitely ZCJ. It's in my AVG virus vault at the moment.


Gotcha.

uselesscrap
July 30th, 2008, 07:59 AM
That is strange, cause I downloaded the latest spyware blaster from filehippo a while back and it too was infected with a trojan. I am wondering if AVG finds part of their software(s) as a false positive. It seems strange that filehippo would host an infected file, doesn't it? Very odd. I tried this same download on my main computer and EST Security did not detect anything.

mountain_rage
July 30th, 2008, 08:03 AM
Well, if Symantec's information on a different variant of the virus is accurate for this version, then you will probably want to run your anti-virus in safe mode. To get into safe mode, hold F8 when Windows starts. Then just select run in safe mode. This works to remove viruses most of the time. That is, if the virus is still causing you problems; you did mention it's in your AVG vault.

Also, just a heads up. If you want an alternative to WinRAR, try 7zip; it's always worked great for me.

RACKnRAIL
July 30th, 2008, 08:17 AM
Well, if Symantec's information on a different variant of the virus is accurate for this version, then you will probably want to run your anti-virus in safe mode. To get into safe mode, hold F8 when Windows starts. Then just select run in safe mode. This works to remove viruses most of the time. That is, if the virus is still causing you problems; you did mention it's in your AVG vault.

Also, just a heads up. If you want an alternative to WinRAR, try 7zip; it's always worked great for me.

From my own experience I can tell you this method can be effective, but certainly no guarantee. I recently had a virus hiding in sys restore, that could not be removed, even in safe mode. However, after disabling sys restore I was able to remove it by running the same scan. It was only after running Housecall (http://housecall.trendmicro.com/) that I discovered where it was hiding though.

Often I will use my garage computer and plug the infected HD as a slave and run everything under the sun on it, including booting to MiniPE XT, which has several AV's and anti-spyware apps.

HelenaP
July 30th, 2008, 10:15 AM
I just want to amend what MR and RnR have suggested.

Before you go into safe mode to run the AV or AM, I think you are supposed to turn system restore off.

mountain_rage
July 30th, 2008, 04:46 PM
Forgot about sys restore, mine's always off. Good catch RnR.

thepuzzler
July 30th, 2008, 05:29 PM
Hate to state the obvious, but why not download it from the official WinRAR site rather than a third party?

www.rarlabs.com

A little common sense is the best virus protection anyone could ask for...
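One concrete way to act on this advice, as an added example that is not part of the thread: hash the copy obtained from a third-party mirror and the copy from the official site and check whether they are byte-identical. If they match, a detection on one copy but not the other points at the scanner's signature rather than at a tampered mirror; if they differ, the mirror copy deserves a closer look. The file names and installer bytes below are constructed stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 20) -> str:
    """SHA-256 of a file on disk, read in chunks so large installers are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def compare_copies(official: bytes, mirrors: dict) -> dict:
    """Compare mirror copies (name -> bytes) against the official copy.
    Returns name -> (digest, identical_to_official)."""
    reference = sha256_bytes(official)
    report = {}
    for name, data in mirrors.items():
        digest = sha256_bytes(data)
        report[name] = (digest, digest == reference)
    return report


def compare_files(official_path, mirror_paths: dict) -> dict:
    """Same report for copies already saved to disk (name -> path)."""
    reference = sha256_file(official_path)
    digests = {name: sha256_file(p) for name, p in mirror_paths.items()}
    return {name: (d, d == reference) for name, d in digests.items()}


if __name__ == "__main__":
    # Constructed stand-ins for three downloads of one installer; mirror_b
    # has a single trailing byte altered, as a modified copy would.
    official = b"MZ" + b"\x00" * 1022 + b"constructed-installer-sample"
    mirrors = {"mirror_a": official, "mirror_b": official[:-1] + b"!"}
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in {"official": official, **mirrors}.items():
            paths[name] = Path(tmp) / f"{name}.exe"
            paths[name].write_bytes(data)
        ref = paths.pop("official")
        for name, (digest, same) in compare_files(ref, paths).items():
            print(f"{name}: {digest[:16]}... {'identical' if same else 'DIFFERS'}")
```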

Nopermoto
July 31st, 2008, 02:08 AM
Greetings from Sweden :)

Yesterday, we downloaded a Monopoly game (about a 2-year-old torrent) from thepiratebay.org, opened up the folder where the file landed and directly got a popup from AVG telling that it had found the trojan: Trojan Horse Agent.ZCJ.

We ran an AVG scan and successfully removed the trojan (that's what we thought, at least).
I have two partitions on my hard drive; we removed the file we downloaded and ran the AVG scan again - threat still found, in WinRAR.exe.

Then we did a complete OS reinstall of Windows XP Pro SP2.
Installed all drivers and the applications we wanted to use.
When it came to WinRAR though... When we installed WinRAR (downloaded from www.rarlabs.com) we got the same friggin trojan.

Ran Ad-Aware, which found a lot of threats; we did not check the logfiles though, so we did not actually see what it found, but it removed the threat. Ran AVG - no threat. Ran Ad-Aware again, no threat.

So we believe that we have successfully removed the trojan by now, but we are not going to download WinRAR again, since it seems that AVG reacts very strongly to it.

We are also currently using 7zip instead of WinRAR.

HelenaP
July 31st, 2008, 05:44 AM
I guess I'm just lucky.

I dl'ed mine in 2005 when I started uni and have never had a problem with it.

tom_manchester
August 1st, 2008, 05:07 AM
Should I post the main.txt and extra.txt files from DSS? Would that help?

Southgate
August 1st, 2008, 06:14 AM
This is another case of AVG's false positives. How it still has a good rep is beyond me. Google "avg false positive" and you'll see how much perfectly legitimate software AVG has flagged.

HelenaP
August 1st, 2008, 07:10 AM
I've only had one false positive in five years.

About a year ago, when I was attempting to acquire an app that had a keygen. But I have acquired much since then, with keygens, and it has not gone off.

Southgate
August 1st, 2008, 10:47 AM
Download WinRAR 3.80b3 and you can make it twice in a year. ;)

wapazoid
August 1st, 2008, 11:49 AM
3.80b3 was downloaded from http://www.rarsoft.com/download.htm and installed on two of my systems with AVG running... both reported nothing. ;)