Rarsfx0/installer.exe ?
Bitdefender has recently blocked this file twice. When I look at it in BD it doesn't show any of the usual associations, such as that it's a Windows file and where it is located. It just points to my Documents folder. I can't find a satisfactory explanation on Google and it's just a bunch of speculation as far as I can tell. Nobody sounds authoritative on what it is, who made it, or what it does.
Any authoritative explanation would be appreciated.
Thanks
Wsmith
Answers
-
If it's any consolation, I had the same alert yesterday. I too posted here about it. I have been searching for info regarding the file and IP address, but no luck. Do you run Surfshark VPN at all?
0 -
Kindly check if the following steps help you:
1) Open the Run command and execute the following commands one by one:
temp – delete all the files in the folder.
%temp% – delete all the files in the folder.
prefetch – delete all the files in the folder.
2) Run Disk Cleanup using this guide: https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68
3) Reset the Windows hosts file to default. You can find instructions here: https://support.microsoft.com/en-us/topic/how-to-reset-the-hosts-file-back-to-the-default-c2a43f9d-e176-c6f3-e4ef-3500277a6dae
Let us know if the issue has been resolved or if it still persists.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
Hi Flexx, Thanks for your suggestions. I've never had to do such an involved multi-step process to rid my system of something and I'm not even sure it should be removed. That is why I chose to buy Malwarebytes - so it can do this if it's dangerous.
Why is it so unknown re what it does and where it came from? That's what I want. Why can't Malwarebytes just quarantine it? I assume I could then see if it negatively impacts my system in some way and if I wish, I could un-quarantine it.
I'm a new user and unfamiliar with how Malwarebytes operates so I only assume the quarantine/un-quarantine part.
0 -
I just did a new Google search and found this link.
https://vms.drweb.com/virus/?i=27019533
It IDs it as: Trojan.Siggen21.31984
I cannot see anything re what it is designed to do. Is this a real Trojan? Can Malwarebytes say anything about it? It would help to know what it is designed to do and what danger it poses.
0 -
I posted about the same firewall alert as you. Someone else has now posted the same.
https://community.bitdefender.com/en/discussion/103739/my-firewall-just-block-this-c-windows-temp-rarsfx0-packages-installer-exe#latest
The IP address installer.exe is trying to connect to, 34.120.85.253, appears to belong to Bitdefender, so I'm not too worried about the alert.
I'm only a novice but I fail to see a connection to the Drweb malware you associated. 🙂
0 -
I see. Thanks for that.
The Drweb report was simply what their analysis found. I found it via Google search.
0 -
Kindly contact Malwarebytes and Dr.Web support regarding your query, if it pertains to their respective products.
Regards
Bitdefender Ultimate Security Plus (user)
0