
Bizarre folder injection issue (virus?)

post #1 of 7
Thread Starter 
This is the strangest thing I've ever seen and there is NOTHING on Google about it.

About two weeks ago, seemingly out of nowhere, almost every subfolder on my D drive (not my main, my C drive is fine) has a folder in it that has been renamed to:

__rar_tmp

And I mean it's in almost every folder. It's completely broken all my Steam games just because it breaks the directory. I'm guessing I'm out of luck because no one I have asked, IT pro or not, has heard of this.

I have my D drive root set as my rar temp directory, but it's been that way for years and usually it only makes a few folders with names like $rar. So I have no idea if it's a trojan or what. If anyone has any ideas I'd love to hear them!
post #2 of 7
Quote:
Originally Posted by Rushnerd

This is the strangest thing I've ever seen and there is NOTHING on Google about it.

About two weeks ago, seemingly out of nowhere, almost every subfolder on my D drive (not my main, my C drive is fine) has a folder in it that has been renamed to:

__rar_tmp

And I mean it's in almost every folder. It's completely broken all my Steam games just because it breaks the directory. I'm guessing I'm out of luck because no one I have asked, IT pro or not, has heard of this.

I have my D drive root set as my rar temp directory, but it's been that way for years and usually it only makes a few folders with names like $rar. So I have no idea if it's a trojan or what. If anyone has any ideas I'd love to hear them!

Have you scanned your drive?
post #3 of 7
Thread Starter 
Yeah, and for mal/junkware too. I even used a registry cleaner and looked at my running programs. It really appears that this was a one-time thing that happened.

Almost feels like something tried to put the entire contents of the drive in a rar file and this is everything that is left over.
post #4 of 7
Is it possible your rar program did that as a future-proofing speed measure or something?

Could be like how Picasa creates that dumb picasa.ini file in every single folder that has an image in it. Or at least it used to.
post #5 of 7
Thread Starter 
All I have is WinRAR and 7-Zip (which I never use). My D root drive is my temp folder for WinRAR, but it's never made more than a few files before.

I posted this on other Windows 7 forums too, but no one has heard of it lol.

I'm guessing there is no way to ever reverse this, but I just don't want it to happen again.
post #6 of 7
Maybe some sort of rare bug caused by a race condition or something?
post #7 of 7
Thread Starter 
It must be rare if "rar tmp" or "rar temp" brings up almost nothing on search engines.

Also what's strange is around the same time my D drive icon decided to vamoose, talk about weird!