WINRAR.EXE is Trojan Bladabindi

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

We checked up the file WINRAR.EXE and found it hazardous.
The file WINRAR.EXE must be deleted from the system immediately.
Kill the process WINRAR.EXE and remove WINRAR.EXE from the Windows startup.

Malware Analysis of WINRAR.EXE
Full path on a computer: %Temp%\winrar.exe

Detected by UnHackMe:

Item Name: 1ce5c21bd74c042cdcd945e699c951c5
Author: Unknown
Related File: %TEMP%\WINRAR.EXE
Type: Registry Run

Item Name: 1ce5c21bd74c042cdcd945e699c951c5.exe
Author: Unknown
Related File: %STARTUP%\1CE5C21BD74C042CDCD945E699C951C5.EXE
Type: Startup Folder

Will you remove it?
0 0

Download Removal Tool for Free

People say

Visitor post

Default location: %Temp%\winrar.exe

Removal Results: Success
Number of reboot: 1

WINRAR.EXE is known as:

Trojan.Bladabindi, Trojan.Zapchast, Trojan.Msil


  • MD5: e1c333694696ac5788ae7f48bf9a8c22
The file tries to download information from some web sites.
How to quickly detect WINRAR.EXE presence?

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\1ce5c21bd74c042cdcd945e699c951c5: “”%Temp%\winrar.exe” ..”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\1ce5c21bd74c042cdcd945e699c951c5: “”%Temp%\winrar.exe” ..”
  • %Temp%\winrar.exe
  • %Temp%\winrar.exe.tmp
  • %Startup%\1ce5c21bd74c042cdcd945e699c951c5.exe

I use UnHackMe for cleaning ads and viruses from my friend's computers, because it is extremely fast and effective.

STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed the first Scan will start automatically

Review the detected threats

STEP 3: Carefully review the detected threats!

Click Remove button or False Positive.


1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.