Deleted942342User Posted March 13, 2016 Share Posted March 13, 2016 I reinstalled Oblivion today and downloaded a bunch of mods from nexusmods. Right in the middle of installing these mods my winamp started behaving strangely (opening tracking pages). It first occured when I opened the file to the Blockhead mod. But before that I opened a bunch of other rars normally. Avira didn't find anything in the questioned rar files. But I wasn't doing anything else than installinf mods from nexusmodswhen that behaviour started occuring. Only exception was OBSE, which I got from the OBSE page. Malwarebytes anti rootkit did then find Malware (Trojan.Agent) with WinRAR.exe. I'm feeling scared now. Dunno if admins can see my nexusmods download history from today. Link to comment Share on other sites More sharing options...
Deleted942342User Posted March 13, 2016 Author Share Posted March 13, 2016 Sorry also for typos. I didnt type this on PC. Link to comment Share on other sites More sharing options...
Deleted942342User Posted March 13, 2016 Author Share Posted March 13, 2016 Since I cant edit my post. I mean my WinRAR startedact strange, not Winamp. Link to comment Share on other sites More sharing options...
Striker879 Posted March 13, 2016 Share Posted March 13, 2016 Back in Nov 2015 a user reported a false positive from Windows Defender. The current version 10.3 download is still displaying the site's green check mark (click on that and you'll see the report). All of the version 10 series downloads have been using the 7z compression format. I suggest using 7 Zip for extracting ... the added bonus is it can also extract all of the older formats so it works as a complete replacement for WinRAR. Link to comment Share on other sites More sharing options...
Deleted942342User Posted March 13, 2016 Author Share Posted March 13, 2016 Yeah but the fact is that I really caught Malware that started sending me to tracking sites whenever I opened WinRAR.exe. That was where the Trojan was found. And WinRARs behaviour changed whileI was installing mods. Can't say where itcame from cause Avira found nothing in my download folder. It first happened when I opened the Blockhead file but that doesn't mean it's at fault. I downloaded WryeBash.exe right before but didn't start that .exe. Last I installed before were the Unofficial OblivionDLC Patch and the Construction Set. Downloaded with acc Katiilein. Link to comment Share on other sites More sharing options...
Striker879 Posted March 13, 2016 Share Posted March 13, 2016 I'm unsure what to further suggest. I have downloaded and extracted a ton of mods from here and have yet to find an infected file (90% as part of troubleshooting somebody else's problem ... it's pretty rare I go beyond looking at the extracted files/folders during troubleshooting). Wrye Bash, the UOPs and the Construction Set are all part of my install (though the CS was downloaded long ago, WB and the UOPs are more recently downloaded and updated). Link to comment Share on other sites More sharing options...
Recommended Posts