winrar.exe – Here is the scoop on WinRAR as it pertains to computer network security. The big question: what is winrar.exe and is it spyware, a trojan and if so, how do I get rid of WinRAR?
winrar.exe (WinRAR) – Details
winrar.exe is considered to be a security risk, not only because antivirus programs flag CoolWWWSearch / WinRAR as a virus, but also because a number of users have complained about its performance.
CoolWWWSearch / WinRAR is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of winrar.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information to websites.
The Process Server database currently registers winrar.exe to CoolWWWSearch / rarlab.com.
This is part of CoolWWWSearch / WinRAR.
winrar.exe is related to iedll.exe, loader.exe, tapicfg.exe, waol.exe.
Winrar.exe – Confusion
Winrar.exe is a legitimate archive program which can be obtained at RarLab.com. The confusion over Winrar comes from claims that coolwwwsearch uses the same executable name (.exe) as that of winrar.
Many spyware/malware programs use filenames of usual, non-malware programs such as Winrar.
The legitimate winrar is an archive program, that can be obtained from rarlab.com. If you have a process called winrar.exe running on your computer and you don’t use the ‘winrar’ archiving utility, your computer has most likely been infected with a variant of the coolwwwsearch parasite.
If you find winrar.exe running on you computer and don’t use Winrar Archive, then this may present a serious vulnerability. Any vulnerability should be removed immediately.
For a list of free virus removal programs, visit our Personal Antivirus list.
Special thanks to Eugene for the update and suggestions on Winrar, it’s greatly appreciated!
WINRAR.EXE – Disclaimer
Every attempt has been made to provide you with the correct information for winrar.exe or WINRAR. Many spyware / malware programs use filenames of usual, non-malware programs. If we have included information about winrar.exe that is inaccurate, we would greatly appreciate your help by leaving a comment with the correct information below and we’ll do our best to correct it.
You should verify the accuracy of information we provided about winrar.exe.
I’m running 2 machines with WinXP SP3 and WinRAR 3.7.1, which I use very frequently. One day one machine had a runaway process on boot-up, and launched around 400 instances of WinRAR all of which generated “Corrupt archive” messages. My virus scanner, which is up-to-date, was silent on the issue.
I tried restoring the system to an earlier profile twice with no luck. I uninstalled WinRAR (using Control Panel > Uninstall), and deleted the instances of WinRAR in Windows\Prefetch. I also edited the registry, removing all instances of WinRAR.
On reboot, the problem was gone.
I did in-depth virus scans on both machines on completion of this clean-up.
Three days later my second system had the same problem on boot-up. This time I just uninstalled WinRAR and deleted Windows\Prefetch\WinRAR.exe, and rebooted. The problem went away without the additional work in RegEdit and System Restore.
I re-installed WinRAR from my original media and everything is back to normal.
I have no idea what triggered the events.