 a1_Andy Premium join:2005-12-29 Campbellford, ON
·TekSavvy Solutions..
| Heads up; Usenet, "Rarpassgen.exe" virus
Just a heads up, some ass/bot is downloading files from usenet, adding a password and rarpassgen.exe to the files, and uploading them as repack. It will say just use the pass gen to unlock the rar. If you downloaded one of those archives you can save yourself from downloading the files again by opening the rarpassgen.exe virus with a hex editor and the password will be right there in plain sight.
For those of you who are not on unlimited this should come in handy. |
|
  HiVolt Premium join:2000-12-28 Toronto, ON | Is it an actual malicious virus? Or simply a stupid waste of bandwidth. -- GO LEAFS GO! |
|
 a1_Andy Premium join:2005-12-29 Campbellford, ON | If you run the rarpassgen.exe you're in for a world of trouble on a windows box, not sure about linux or mac. Yes it's a couple malicious viruses. I have seen it 3 times now and every time it's been a new virus in the rarpassgen.exe. |
|
  robinjames Premium join:2008-04-20 Ottawa, ON
| reply to a1_Andy yea, it's a virus I'm afraid... I got suckered by it but luckily avg picked up on it... I'm on unlimited, so I erased the download and found a clean one. If I knew about the hex editing I wouldn't have erased it tho |
|
  as_you_grow
@bell.ca | yes as you grow your userbase with avg is going to report the unheard of a virus in a newsgroup. you've hit the bigtime teksavvy |
|
  Angelo_ The Network Guy Premium join:2002-06-18 | I keep finding these on torrents these days, 2nd pc that got caught by a fake av infection...
someone seems to be injecting executables with annoying bs... |
|
  R0CKY TSI Rocky Premium,VIP join:2005-05-19 Chatham, ON | Hmmm..... sounds like some people are starting to have mean streaks in the torrent world! |
|
  andyb Premium join:2003-05-29 SW Ontario | Probably Media Sentry lol. Those guys get away with anything. |
|
  Doci Toothless Fairy
join:2003-02-01
·Bell Sympatico
edit: September 30th, @12:12PM
| reply to a1_Andy
said by a1_Andy: If you run the rarpassgen.exe you're in for a world of trouble on a windows box, not sure about linux or mac.
Why should that even be a question? Linux and mac do not run windows binaries natively. |
|
 shepd
join:2004-01-17 Kitchener, ON
·TekSavvy Solutions..
| said by Doci: Why should that even be a question? Linux and mac do not run windows binaries natively.
Okay, it's cheating, but WINE is not an emulator. Considering how impressive WINE has been lately (I mean this in a good way, really, I managed to burn a dual layer DVD with ultraiso, well, 75% of it anyways...) I wouldn't be surprised if you could infect your home directory's windows binaries.
Yes, it doesn't load the binaries *directly*, but then again, if someone managed to write a virus in perl/sh/tcl/php/python/etc it isn't being loaded any more indirectly than using wine.  |
|
  Stewy Premium join:2007-12-12 Kitchener, ON
| reply to HiVolt
said by HiVolt: Is it an actual malicious virus?
Am I reading this thread right, this is a warning for a virus on usenet? |
|
  erm yeah
@videotron.ca
| said by Stewy: said by HiVolt: Is it an actual malicious virus? Am I reading this thread right, this is a warning for a virus on usenet?
My thoughts exactly... totally out of place, in the wrong forum and/or maybe even the wrong website. |
|
 a1_Andy Premium join:2005-12-29 Campbellford, ON | I saw nothing here at DSLR for usenet so I posted it here. Mods are welcome to del it if they want. Take it or leave it. I use Teksavvy internet and the free usenet so where else should I have posted? Yes it's a warning and a workaround. |
|
  Rand_at_DSLR
@sonic.net
| reply to a1_Andy This came up, and while I didn't get suckered into running it, there was no other release out yet, and I was hoping someone had found the password out for me. 
Anyhow, reading the OP's suggestion that the password was locatable using just a hex editor made me stop and wonder if seriously, that would work. A random string of characters in the middle of a binary? What do you look for? Turns out, you look for the part near the end where it says "Password = dveuhf". (The password is probably release specific, probably won't work for anything else.)
So, congrats to a1_Andy for figuring this out, and shame on the creator for such a poor loop hole. (I'm happy though, hehe.) |
|
  Usenet User
@swbell.net | reply to a1_Andy The password, dveuhf, worked for me as well. |
|
 kurisui
join:2007-08-23 Gananoque, ON
| reply to a1_Andy This is why I use newzbin for usenet binaries, bad reports rarely get put on there, and they rarely last long when they do. Not to mention it fully integrates with SABnzbd which one click downloads/repairs/extracts/deletes/renames. Worth every penny. |
|
  downloader dude
@t-ipconnect.de | reply to a1_Andy Hey, I used the hex editor trick and it worked like a charm! Password for Desperate Housewives S05E01 is kongking. |
|
 DjEclipse
join:2007-11-20 Niagara Falls, ON | reply to a1_Andy Thanks for the heads up. |
|
  Sawadee87
@belgacom.be | reply to a1_Andy Hello, I downloaded a tv show and there was this file rarpassgen.exe.
I clicked on it but I'm on a Mac and it didn't open because my computer cannot open .exe files. Is it possible that it was infected nonetheless?
thank you |
|
  RobC
@verizon.net | reply to a1_Andy If you're on Linux, here's a simple way to find the password:
strings RARPassGen.EXE |grep ^Password
Password = verify65 |
|
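A static version of the check the posts above describe, added here as an example and not written by anyone in the thread: it reads the suspect file as bytes, never runs it, and pulls the value after a `Password =` marker out of both ASCII and UTF-16LE strings (the wide-string case goes beyond the `strings | grep` command quoted above). The sample blobs and the passwords in them are constructed, and the function names are illustrative.

```python
import hashlib
import re

MIN_LEN = 4  # same default minimum run length as binutils `strings`
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
MARKER = re.compile(r"Password\s*=\s*(\S+)")


def printable_strings(data: bytes):
    """Yield printable runs: ASCII first, then UTF-16LE ("wide") strings."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in WIDE_RUN.finditer(data):
        yield m.group().decode("utf-16-le")


def find_passwords(data: bytes):
    """Return each distinct value that follows a 'Password =' marker."""
    found = []
    for s in printable_strings(data):
        for value in MARKER.findall(s):
            if value not in found:
                found.append(value)
    return found


def triage(data: bytes):
    """Summarise a suspect file from its bytes alone; nothing is executed."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # for AV / hash lookups
        "looks_like_pe": data[:2] == b"MZ",          # DOS/PE magic bytes
        "passwords": find_passwords(data),
    }


# Constructed sample blobs (not real malware, not values from the thread).
SAMPLE_ASCII = b"MZ\x90\x00\x03\x00" + b"\x01\x02" * 8 + b"Password = example123\x00\xff"
SAMPLE_WIDE = b"MZ\x90\x00\x00\x01" + "Password = wide456".encode("utf-16-le") + b"\x00\x00"

if __name__ == "__main__":
    for blob in (SAMPLE_ASCII, SAMPLE_WIDE):
        print(triage(blob))
```

To use it on a downloaded file, pass `open(path, "rb").read()` to `triage`; the SHA-256 it returns can be checked against an antivirus or hash-lookup service before the file is deleted.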