"irrrar.exe"?

S.Sengupta

This is not a Windows file. I shall suggest you to scan your system with
latest virus definitioned antivirus along with latest versions of
Spybot Search and Destroy/CWShredder as well as Adaware. Scan with all
these tools in safe mode.

regards,
ssg MS-MVP
 
MG.

Hello to all. I have been laboring for days to get my 18 yr old daughter's
PC free from the boatload of spyware, crapware and scumware she managed to
accumulate. I think I'm ALMOST home free, but something keeps adding the
program "irrrar.exe" to the group of startup processes. I ran a multitude
of Adware removal programs, and then check the startup tab in msconfig, and
every so often there sits "irrrar.exe" with a path to
c:\windows\system32\irrrar.exe
When I look in the directory, it is not there. Yet CounterSpy shows it as a
running process and terminates it. To answer the obvious, yes I have the
"show all files button" ticked and all others relating to hidden and system
files.
Does anyone know anything about this program? I searched Google and yahoo
and came up empty.
Thanks in advance to any and all for the help and best regards,
morey G
 
David H. Lipman

From: "MG." <[email protected]>

| Hello to all. I have been laboring for days to get my 18 yr old daughter's
| PC free from the boatload of spyware, crapware and scumware she managed to
| accumulate. I think I'm ALMOST home free, but something keeps adding the
| program "irrrar.exe" to the group of startup processes. I ran a multitude
| of Adware removal programs, and then check the startup tab in msconfig, and
| every so often there sits "irrrar.exe" with a path to
| c:\windows\system32\irrrar.exe
| When I look in the directory, it is not there. Yet CounterSpy shows it as a
| running process and terminates it. To answer the obvious, yes I have the
| "show all files button" ticked and all others relating to hidden and system
| files.
| Does anyone know anything about this program? I searched Google and yahoo
| and came up empty.
| Thanks in advance to any and all for the help and best regards,
| morey G
|

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the Sysclean Front End utility ( SYSCLEAN_FE ) in "Procedure 1"
at the following URL. SYSCLEAN_FE automates the download and
execution process of the Trend Sysclean Package.
http://www.ik-cs.com/got-a-virus.htm

Direct URL:
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close

Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }

When you get to the Sysclean Front End menu, hit 'e' or '3' to exit.

2) Download and install Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/
3) Update Adaware with the latest definitions then exit the software.
4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
5) Reboot your PC into Safe Mode and shut down as many applications as possible
6) Using the Trend Sysclean and Ad-aware SE utilities, perform a Full Scan of your
platform and clean/delete any infectors found
7) Restart your PC and perform a "final" Full Scan of your platform using both Trend
Sysclean and Ad-aware SE
8) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
9) Reboot your PC.
10) Create a new Restore point

* * Please report back your results * *
 
Kelly

Hi,

Boot into safe mode. Under Folder Options/View: Show hidden files and
folders, uncheck Hide protected operating system files. Then navigate to:
c:\windows\system32\irrrar.exe

Right click, delete. If it doesn't remove, which it should, end the process
first via the task manager, then delete. It should then be removed from
msconfig/startup and your registry runkeys. Post back if you are needing
any further help.


--

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com
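
One way to check the registry Run keys mentioned in the reply above, as an added example that is not part of any post in this thread: it lists each autostart entry and marks those whose target file is not on disk, the situation MG describes. It assumes a Windows version with PowerShell 3 or later; the function names are hypothetical, and DLLs passed as arguments to rundll32.exe are not inspected.

```powershell
# Added example: audit Run/RunOnce autostart entries and flag missing targets.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath([string]$Command) {
    # Extract the executable from a Run-key command line: a quoted path,
    # else text up to the first executable extension, else the first token.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Resolve-Target([string]$Target) {
    # Rooted paths are checked directly; bare names are looked up on PATH.
    if (-not $Target) { return $null }
    if ([IO.Path]::IsPathRooted($Target)) {
        if (Test-Path -LiteralPath $Target -PathType Leaf) { return $Target }
        return $null
    }
    $found = Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($found) { return $found.Path }
    return $null
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command  = [string]$regKey.GetValue($name)
        $target   = Get-TargetPath $command
        $resolved = Resolve-Target $target
        [pscustomobject]@{
            Status  = if ($resolved) { 'present' } else { 'MISSING' }
            Key     = $key
            Name    = $name
            Command = $command
            Target  = $target
        }
    }
}
# MISSING entries sort first; each one is either stale or being rewritten.
$results | Sort-Object Status | Format-List
```

A MISSING entry that comes back after it has been deleted means something else is rewriting the key, so that writer is the thing to find.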
 
MG.

Thanks to everyone for writing back, I do appreciate it. I did have
success, but I don't know what did it.

I always run AdAware, Spybot, etc in Safe Mode. Plus, the "hide
protected...." button is always unchecked in my systems and it still didn't
show up there. That's what's had me stumped!
Also, I'm using the latest versions of AdAware, Spybot, Norton, CounterSpy,
CWS Shredder, HiJack This and Spyblaster. With two kids in the house, each
on their own PC, spyware and Antivirus scans are part of normal routine
maintenance in my house.
My girl had managed to accumulate some 100+ items of malware.
I also shut down system restore before booting back into Windows to clean
anything else left in the backup files.

I did it all over again this morning, shut down, rebooted 3 or 4 times and
it is FINALLY gone. I have no clue what it was, or how it got there, but it
is gone for now, anyway. I couldn't even tell you which program rid me of
it, but it does seem to be gone.

As an aside, CounterSpy is one heck of a program and found and deleted
quite a few items AdAware did not. But, it's not free like AdAware so it
may be you get what you pay for?

Thanks once again, I'll be back if there are any more problems.
Regards to all,
morey g
 
Plato

Kelly said:
Boot into safe mode. Under Folder Options/View: Show hidden files and
folders, uncheck Hide protected operating system files. Then navigate to:
c:\windows\system32\irrrar.exe

Trouble is, often a nasty is embedded as a different core file name,
perhaps even a .dll, and then it renames/creates another filename to
run as it launches. It makes it harder to find the source of the
trouble, but then again, that's why the nasty boys do it that way.
 
Plato

MG. said:
As an aside, CounterSpy is one heck of a program and found and deleted
quite a few items AdAware did not. But, it's not free like AdAware so it
may be you get what you pay for?

Not necessarily. Often one program can find a problem where another
cannot. In other words, the same may have been true in reverse, e.g. your
paid program may have not fixed it while the free program did. That's
why it's often suggested that you have two programs of such type ready to
go, use the second one as a double check.
 
