Computer Help forum

General discussion

Cnet WinRAR download trojan virus trenderdia

by mustangkat / October 16, 2008 4:55 AM PDT

WinRAR was downloaded from download.com with a trojan caled trenderdia with a pop-up that says "you will dead next month". Also my internet home page has changed to Microsoft security center - your computer has been attacked by spyware or virus - please download anti spyware now. Any attempt to go to another website sent you to some foreign writing page. I went to the control panel and removed the program and got rid of the program. I then changed my home page back to where it was supposed to be, but still had a problem going to google, ebay, youtube, and I don't know what others. So it is still a redirect problem. I updated all my anit virus, Norton 360, Sypbot S & D, Adaware, and ran them. They found minimal stuff. I downloaded Malware bytes, and Super AntiSpyware. Malware bytes found 2 trojan files. It corrected some, but I still can't go to ebay or youtube. I am still getting the Microsoft security center - your computer has been attacked by spyware or virus - please download anti spyware now.

This is not just me. I did a search on the Internet and others have the same problem and got it from Cnet. I don't have the expertise to go further. Does anyone have a clue or some suggestions. Cnet does not make it easy to let them know that there is a problem with their downloads. Obviously if someone sent them a trojan, they don't care if you notify them.

Post a reply
Discussion is locked
You are posting a reply to: Cnet WinRAR download trojan virus trenderdia
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Cnet WinRAR download trojan virus trenderdia
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Cnet WinRar trenderdia
by mustangkat / October 16, 2008 5:03 AM PDT

I forgot to mention that I am running XP with IE 6 and the google toolbar, though I can access google and google search, gmail, hotmail now, but it is still on my computer somewhere and doing a redirect or something and I want it off may machine.

I'm sure it's got some other hiddent files somewhere.

Collapse -
Re: trenderdia
by KnightsTour / October 16, 2008 11:10 AM PDT

This seems to have worked for me...

As soon as it happened, Vista alerted me something wasn't right. Following these steps, mostly as found in another forum, my computer seems clear. The only thing I didn't do was run S&D at the end before the reboot.

1. Ran a full AV with Avira antivirus software.
2. Using Hijack this, found redirects and deleted them.
3. Used Malware bytes anti-malware. This found a file and registry entry. Allowed it to delete/fix both.
4. Ran Adaware which found tracking cookies maybe something else -- dont recall but let it delete everything it found.
5. Checked my host file and it was empty.
6. Rebooted and did it all over again... found nothing.

It was time consuming....

For all the above programs I selected full or deep or complete scans although the main file was a dll.

Past experience with malware makes me think the following:

Delete it ASAP, the longer it stays around, the more opportunity it has to spread into multiple areas on your computer and download other crap from the internet.

Use multiple attacks (anitspyware, anti virus, Hijack this, etc.) but never two of the same types of programs, at least with regard to AV software.

Best of luck....

Collapse -
reply to: Cnet WinRAR download trojan
by caktus / October 16, 2008 11:57 AM PDT

Update and run your security software,
then try Housecall and let it remove all it finds. Then, before you do anything else, delete all system backups such as System Restore that may possibly be harboring a copy of the infection.

Hope this is helpful.

Charlie

Collapse -
Fix for my Problem with WINRAR
by sg1ks / October 16, 2008 9:26 PM PDT

I found what I thought was the most uptodate version on CNET and as people are finding out it causes an annoying popup and redirects to well known web sites.
Fix by ADD/REMOVE programs running unistall WINRAR
then remove file explorer.exe in the c:\windows\system32\
directory, note by hovering over this file it identifies itself as winrar, thats the end of the popup.
Go to c:\windows\system32\drivers\etc\hosts and edit in notepad, you will see all the sites you cannot access with a fixed IP Address, replace this with hosts.sav if there is one or any backup copy made yourself else get a copy from a friend.
You should now be able to connect to the internet.
In internet explorer on the menu bar select tools/internet options and on the general tab press button delete files, removing any cache version.
Run regedt32
Navigate to :-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Remove entry pointing at c:\windows\system32\explorer.exe
Reboot and you should be in the same state as me, freeas a bird.

Collapse -
Trenderdia
by mustangkat / October 17, 2008 1:15 AM PDT

Thanks I will try that.

Collapse -
HELP!!
by singhsane / October 22, 2008 2:04 AM PDT
In reply to: Trenderdia

I've tried doing what is explained below...

Scanning Computer
1. Download Malwarebytes? Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as ?default? only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes? Anti-Malware
- Launch Malwarebytes? Anti-Malware
5. Click ?Finish.? Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the ?Show Results?
8. Make sure that all detected threats are marked, click on Remove Selected.
Cleaning Internet
Explorer Cache Files
9. On IE menu select Tools > Internet Options
10. On General tab, press Delete All, then close IE
Removing Registry Entries
11. Go to Start > Run, then type regedit
12. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run
Remove entry c:\windows\system32\explorer.exe
Delete Infected File:
13. Go to c:\windows\system32\ and delete the file explorer.exe
14. Restart your computer.

The problems im having is....

1. For "Removing Registry Entries" Once i navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run
There is no entry that says "c:\windows\system32\explorer.exe"

2. For "Delete infected file" I have the same problem. When i go to "c:\windows\system32\" Once again, there is no explorer.exe file.

I'm running Vista 64bit. I've done a scan with norton 360 and nothing came up. With malware I had two threats come up and it delted both sucessfully. Please let me know how i can fix this!!!

Thanks!

Collapse -
trenderdia
by mustangkat / October 22, 2008 5:21 AM PDT
In reply to: HELP!!

I don't know about Vista 64 bit. Once I got ride of the Trojans with Malware byte, I couldn't find the exployer.exe either.

But I downloaded Hijack this to get rid of the redirect problem. It was obvious once you looked at the file. You just do as the other posting instructed. You can see all the redirect files for ebay, amazon, youtube, etc. I clicked on one, asked for what it was and did a delete and it deleted all of them. I checked for everthing else and it was gone. I haven't had any trouble since, but am running everything and keeping everything updated.

I am also keeping the cache clean--getting rid of the temp Internet files and cookies. It took me five days between work and stuff to get it all done.

Collapse -
getting rid of trenderdia
by PaulKoren / October 27, 2008 1:04 PM PDT

thanks sg1ks, you're a gem.

Your instructions have cleared the Trojan, in a much simpler way than suggested elsewhere - 2 minutes!

I did need to re-install internet explorer 7 to get rid of the web redirections but that's easy...

thanks again

Collapse -
Need help too please!
by twoblette / November 1, 2008 3:04 AM PDT

Exact same problem. And definitely got this from downloading Winrar off CNET - last night! Am on windows XP and have no SYSTEM32 folder that I can see... what should i do?

PLEASE HELP

Sad

Collapse -
To Show The System32 Folder...
by Grif Thomas Forum moderator / November 1, 2008 9:02 AM PDT
In reply to: Need help too please!

RIGHT click on the Start button, choose "Explore" from the little menu.. When the Explorer window loads, click on "Tools" in the upper left, choose "Folder Options", then click on the "View" tab.. When that loads, place a dot/tick in the "Show Hidden files and folders", then UNCHECK the boxes next to "Hide extensions for known file types" and "Hide protected operating system files (Recommended)", then click on "apply", then OK..

Since you're already using Explorer, you can now look on the left side of the screen, and find the C:\Windows\System32 folder and click once on it.. On the right side of the screen, you should see all the files that reside in the System32 folder.

Hope this helps.

Grif

Collapse -
This fix is great.
by twoblette / November 1, 2008 4:02 PM PDT

Thanks Grif. I realised after I posted this that the problem was that I was being a stupid user :P.

You rock sg1ks, had been struggling with this one for a few hours, fix was quick 'n easy, and worked perfectly. Happy

I had done a system restore the night before which seemed to have eliminated the explore.exe steps, so all I needed to do was replace the host file and all was well. [something that 3 or 4 anti virus programmes failed to fix)

Collapse -
WinRAR is clean
by CNET Membership Support / October 24, 2008 10:07 AM PDT

Our Product Management Team re-tested WinRAR that is listed on Download.com with the latest malware and virus definition updates but did not find any problems. We were not able to duplicate the trouble you reported or find issues with the current file version. Our test results show that this product complies with CNET's Adware and Spyware Policy.

You may have been redirected to another site through a Sponsored Ad the site looks like Download.com but contains the infected file. We have blocked this site from CNET.

CNET Membership Support

Collapse -
WinRAR - Trenderdia
by mustangkat / October 25, 2008 5:31 AM PDT
In reply to: WinRAR is clean

Obviously you would like to think so, but there are too many emails out there now that show that other people went to Cnet and downloaded WinRAR and got the same Virus. All you have to do is do a Google search using trenderdia and there are a mass of them that lead back to cnet.

Collapse -
Cnet and Trenderdia and Winrar
by mustangkat / October 25, 2008 5:37 AM PDT
In reply to: WinRAR is clean

This was a sneaky little ****** and I have Norton 360 which I run and update every other day, as well as Spybot Search & Destroy, and Ad-aware. These programs couldn't even find it. I have now added Malware Bytes. Oh, it was real. Don't talk down to me. I'm not an idiot.

Collapse -
"WinRAR is clean"... yeah right!
by toekneeeh / October 25, 2008 5:42 AM PDT
In reply to: WinRAR is clean

It is NOT! I just downloaded it last night and had to uninstall and do several steps to completely remove it... thanks to the Internet and people who posted a solution to the virus; I'm back to normal... crossing my fingers. CNET check again!

Collapse -
WINRAR is NOT CLEAN !
by PaulKoren / October 27, 2008 11:13 AM PDT
In reply to: WinRAR is clean

I definitely got trenderdia from the download on your website.

However - my Norton 360 does not detect it.Even after the last updates a few hours ago.
Symantec does not list anything on 'trenderdia' on their website. So: check with the makers of your 'latest anti-virus software' and meanwhile de-list winrar - PLEASE!
Paul

Collapse -
I am also not an idiot, but...
by KevinMach / November 3, 2008 4:50 AM PST
In reply to: WINRAR is NOT CLEAN !

I wasn't paying that close attention and clicked on a link for Winrar, that took me what I thought was Cnets website (looked like it, but said download.org).

I noticed it, but didn't think anything of it- who would infect this older version of a silly little utility.

Anyway, you know the rest- just wanted to say that I originally thought it was cnet but later realized if probably wasn't-so I guess it's possible it could have happened to some others who were "sure" they were on the proper site.

FWIW

Collapse -
I noticed it also.
by PudgyOne / November 3, 2008 10:54 AM PST

I have Avast and it comes up as soon as you click on the download link. I sent an email to Lee about this, so he could notify the proper people.


Rick

Collapse -
Sent the complaint to the Download team...
by Lee Koo (ADMIN) CNET staff/forum admin / November 6, 2008 6:36 AM PST
In reply to: I noticed it also.

and the title came back clean, no malware... Possible false positives?

I'm stumped.

I know there are few fake CNET download.com pages with this same title out there on web causing havoc and confusion on users, so beware!

Here are couple of the sites, mimicking CNET Download.com pages.

****WARNING: PLEASE DO NOT DOWNLOAD FROM THESE PAGES!!****

www.wintechaiitm.org.cn/winrar.htm
www.downloadnow.com.cn/winrar.htm

I don't know what else to tell you guys. The title came back clean on our site. This is the one you guys are talking about right, or am I wrong?
http://www.download.com/WinRAR/3000-2250_4-10007677.html

Collapse -
I Have The Same Problem! Help!
by BloodRage90 / November 5, 2008 12:51 PM PST

I had just downloaded winrar to play my sims game! Now i find out i have a trojan! How do i get rid of this VIRUS! I can't visit myspace and a few other websites! It keeps on taking me to the microsoft security center! What do i do! Someone help!

Collapse -
bloodrage90 Hosts file
by sg1ks / November 6, 2008 6:53 AM PST

Please read some of the previous replies, you need to edit your hosts file, you will find it in the c:\windows\system32\drivers\etc directory. Edit with notepad or whatever and you will see all adrreses similar to www.google.com www.microsoft.com all have the same ip address, I can't remember as its been gone for a while now but will look like 192.168.255.255 ie four digits seperated by dots, so everytime you want to get to google it gets this address instead of one from a dns server on the internet and you end up on the same site, if you dont have a backup just delete tem all and save an empty file. In future always keep a copy tooked away somewhere else ie memorystick, disk etc. I so wish these ******** that spend all this time and effort one day get one back.

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the school year

Smart tech for smart students

Forget the pencils and notebooks. Gear up your students with these portable and powerful note-taking machines.