22 total posts
Cnet WinRar trenderdia
I forgot to mention that I am running XP with IE 6 and the google toolbar, though I can access google and google search, gmail, hotmail now, but it is still on my computer somewhere and doing a redirect or something and I want it off may machine.
I'm sure it's got some other hiddent files somewhere.
This seems to have worked for me...
As soon as it happened, Vista alerted me something wasn't right. Following these steps, mostly as found in another forum, my computer seems clear. The only thing I didn't do was run S&D at the end before the reboot.
1. Ran a full AV with Avira antivirus software.
2. Using Hijack this, found redirects and deleted them.
3. Used Malware bytes anti-malware. This found a file and registry entry. Allowed it to delete/fix both.
4. Ran Adaware which found tracking cookies maybe something else -- dont recall but let it delete everything it found.
5. Checked my host file and it was empty.
6. Rebooted and did it all over again... found nothing.
It was time consuming....
For all the above programs I selected full or deep or complete scans although the main file was a dll.
Past experience with malware makes me think the following:
Delete it ASAP, the longer it stays around, the more opportunity it has to spread into multiple areas on your computer and download other crap from the internet.
Use multiple attacks (anitspyware, anti virus, Hijack this, etc.) but never two of the same types of programs, at least with regard to AV software.
Best of luck....
reply to: Cnet WinRAR download trojan
Update and run your security software,
then try Housecall and let it remove all it finds. Then, before you do anything else, delete all system backups such as System Restore that may possibly be harboring a copy of the infection.
Hope this is helpful.
Fix for my Problem with WINRAR
I found what I thought was the most uptodate version on CNET and as people are finding out it causes an annoying popup and redirects to well known web sites.
Fix by ADD/REMOVE programs running unistall WINRAR
then remove file explorer.exe in the c:\windows\system32\
directory, note by hovering over this file it identifies itself as winrar, thats the end of the popup.
Go to c:\windows\system32\drivers\etc\hosts and edit in notepad, you will see all the sites you cannot access with a fixed IP Address, replace this with hosts.sav if there is one or any backup copy made yourself else get a copy from a friend.
You should now be able to connect to the internet.
In internet explorer on the menu bar select tools/internet options and on the general tab press button delete files, removing any cache version.
Navigate to :-
Remove entry pointing at c:\windows\system32\explorer.exe
Reboot and you should be in the same state as me, freeas a bird.
I've tried doing what is explained below...
1. Download Malwarebytes? Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as ?default? only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes? Anti-Malware
- Launch Malwarebytes? Anti-Malware
5. Click ?Finish.? Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the ?Show Results?
8. Make sure that all detected threats are marked, click on Remove Selected.
Explorer Cache Files
9. On IE menu select Tools > Internet Options
10. On General tab, press Delete All, then close IE
Removing Registry Entries
11. Go to Start > Run, then type regedit
12. Navigate to
Remove entry c:\windows\system32\explorer.exe
Delete Infected File:
13. Go to c:\windows\system32\ and delete the file explorer.exe
14. Restart your computer.
The problems im having is....
1. For "Removing Registry Entries" Once i navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run
There is no entry that says "c:\windows\system32\explorer.exe"
2. For "Delete infected file" I have the same problem. When i go to "c:\windows\system32\" Once again, there is no explorer.exe file.
I'm running Vista 64bit. I've done a scan with norton 360 and nothing came up. With malware I had two threats come up and it delted both sucessfully. Please let me know how i can fix this!!!
I don't know about Vista 64 bit. Once I got ride of the Trojans with Malware byte, I couldn't find the exployer.exe either.
But I downloaded Hijack this to get rid of the redirect problem. It was obvious once you looked at the file. You just do as the other posting instructed. You can see all the redirect files for ebay, amazon, youtube, etc. I clicked on one, asked for what it was and did a delete and it deleted all of them. I checked for everthing else and it was gone. I haven't had any trouble since, but am running everything and keeping everything updated.
I am also keeping the cache clean--getting rid of the temp Internet files and cookies. It took me five days between work and stuff to get it all done.
getting rid of trenderdia
thanks sg1ks, you're a gem.
Your instructions have cleared the Trojan, in a much simpler way than suggested elsewhere - 2 minutes!
I did need to re-install internet explorer 7 to get rid of the web redirections but that's easy...
Need help too please!
Exact same problem. And definitely got this from downloading Winrar off CNET - last night! Am on windows XP and have no SYSTEM32 folder that I can see... what should i do?
To Show The System32 Folder...
RIGHT click on the Start button, choose "Explore" from the little menu.. When the Explorer window loads, click on "Tools" in the upper left, choose "Folder Options", then click on the "View" tab.. When that loads, place a dot/tick in the "Show Hidden files and folders", then UNCHECK the boxes next to "Hide extensions for known file types" and "Hide protected operating system files (Recommended)", then click on "apply", then OK..
Since you're already using Explorer, you can now look on the left side of the screen, and find the C:\Windows\System32 folder and click once on it.. On the right side of the screen, you should see all the files that reside in the System32 folder.
Hope this helps.
This fix is great.
Thanks Grif. I realised after I posted this that the problem was that I was being a stupid user :P.
You rock sg1ks, had been struggling with this one for a few hours, fix was quick 'n easy, and worked perfectly.
I had done a system restore the night before which seemed to have eliminated the explore.exe steps, so all I needed to do was replace the host file and all was well. [something that 3 or 4 anti virus programmes failed to fix)
WinRAR is clean
Our Product Management Team re-tested WinRAR that is listed on Download.com with the latest malware and virus definition updates but did not find any problems. We were not able to duplicate the trouble you reported or find issues with the current file version. Our test results show that this product complies with CNET's Adware and Spyware Policy.
You may have been redirected to another site through a Sponsored Ad the site looks like Download.com but contains the infected file. We have blocked this site from CNET.
CNET Membership Support
WinRAR - Trenderdia
Obviously you would like to think so, but there are too many emails out there now that show that other people went to Cnet and downloaded WinRAR and got the same Virus. All you have to do is do a Google search using trenderdia and there are a mass of them that lead back to cnet.
Cnet and Trenderdia and Winrar
This was a sneaky little ****** and I have Norton 360 which I run and update every other day, as well as Spybot Search & Destroy, and Ad-aware. These programs couldn't even find it. I have now added Malware Bytes. Oh, it was real. Don't talk down to me. I'm not an idiot.
"WinRAR is clean"... yeah right!
It is NOT! I just downloaded it last night and had to uninstall and do several steps to completely remove it... thanks to the Internet and people who posted a solution to the virus; I'm back to normal... crossing my fingers. CNET check again!
WINRAR is NOT CLEAN !
I definitely got trenderdia from the download on your website.
However - my Norton 360 does not detect it.Even after the last updates a few hours ago.
Symantec does not list anything on 'trenderdia' on their website. So: check with the makers of your 'latest anti-virus software' and meanwhile de-list winrar - PLEASE!
I am also not an idiot, but...
I wasn't paying that close attention and clicked on a link for Winrar, that took me what I thought was Cnets website (looked like it, but said download.org).
I noticed it, but didn't think anything of it- who would infect this older version of a silly little utility.
Anyway, you know the rest- just wanted to say that I originally thought it was cnet but later realized if probably wasn't-so I guess it's possible it could have happened to some others who were "sure" they were on the proper site.
I noticed it also.
I have Avast and it comes up as soon as you click on the download link. I sent an email to Lee about this, so he could notify the proper people.
Sent the complaint to the Download team...
and the title came back clean, no malware... Possible false positives?
I know there are few fake CNET download.com pages with this same title out there on web causing havoc and confusion on users, so beware!
Here are couple of the sites, mimicking CNET Download.com pages.
****WARNING: PLEASE DO NOT DOWNLOAD FROM THESE PAGES!!****
I don't know what else to tell you guys. The title came back clean on our site. This is the one you guys are talking about right, or am I wrong?
I Have The Same Problem! Help!
I had just downloaded winrar to play my sims game! Now i find out i have a trojan! How do i get rid of this VIRUS! I can't visit myspace and a few other websites! It keeps on taking me to the microsoft security center! What do i do! Someone help!
bloodrage90 Hosts file
Please read some of the previous replies, you need to edit your hosts file, you will find it in the c:\windows\system32\drivers\etc directory. Edit with notepad or whatever and you will see all adrreses similar to www.google.com www.microsoft.com all have the same ip address, I can't remember as its been gone for a while now but will look like 192.168.255.255 ie four digits seperated by dots, so everytime you want to get to google it gets this address instead of one from a dns server on the internet and you end up on the same site, if you dont have a backup just delete tem all and save an empty file. In future always keep a copy tooked away somewhere else ie memorystick, disk etc. I so wish these ******** that spend all this time and effort one day get one back.