Help with Programs suddenly not loading Vistax64

Help, suddenly some of my programs will not open in Vista x64. I ran
various Spyware, Malware and Anti Virus programs and they reported a
clean system which may or may not mean anything. I started procexp64
running in the background. What is unusual is that when I click on MS
Excel or any other program that will not open, there is a sudden flash
on Process Explorer screen displaying RarExtLoader.exe which then
disappears. I cannot find Rarextloader.exe on my system.

I know I downloaded WinRar utility from Cnet but info on
rarextloader.exe brings up conflicting information. Could this be the
program causing the problem with my programs not loading? If this is not
the right thread please redirect as this is my first posing.

'_http://www.prevx.com/filenames/1541310175317465311-X1/RAREXTLOADER.EXE.htm_'
(http://www.prevx.com/filenames/15413...ADER.EXE.htm)l

'_http://www.threatexpert.com/files/rarextloader.exe.html_'
(http://www.threatexpert.com/files/rarextloader.exe.html)
Associated Malware Groups

The unsafe files using this name are associated with the malware group:

* Worm

File Behavior

RAREXTLOADER.EXE has been seen to perform the following behavior:

* This process creates other processes on disk
* This Process is a file infector which modifies program files to
include a copy of the infection
* This Process Deletes Other Processes From Disk
* Executes a Process
* The Process is packed and/or encrypted using a software packing
process

RAREXTLOADER.EXE has been the subject of the following behavior:

* Created as a process on disk
* Executed as a Process
* Created by processes which appear to be checking for interception by
security products
* Deleted as a process from disk


Country Of Origin

The filename RAREXTLOADER.EXE was first seen on May 24 2007 in the
following geographical regions of the Prevx community:

* SPAIN on May 24 2007
* The UNITED STATES on May 24 2007
* URUGUAY on Apr 7 2008
* The UNITED KINGDOM on May 29 2009

File Name Aliases

RAREXTLOADER.EXE can also use the following file names:

* 82568568.SVD
* PORTABLE WINRAR/APP/RAREXTLOADER.EXE
* 36544663.EXE

Filesizes

The following file size has been seen:

* 66,560 bytes
* 118,596 bytes
* 74,137 bytes
* 221,658 bytes
* 21,504 bytes

Vendor, Product and Version Information

Files with the name RAREXTLOADER.EXE have been seen to have the
following Vendor, Product and Version Information in the file header:

* ; ; 1.0.0.0


File Type

The filename RAREXTLOADER.EXE refers to many versions of an executable
program



File Activity

One or more files with the name RAREXTLOADER.EXE creates, deletes,
copies or moves the following files and folders:

* Creates c:\windows\system32\maxtrox.txt
* Deletes c:\documents and settings\user\application data\desktop.ini
* Creates c:\documents and settings\user\application data\Desktop.ini
* Creates c:\documents and settings\user\application
data\microsoft\Desktop.ini
* Creates c:\documents and settings\user\applications data\Desktop.ini
* Creates c:\windows\system32\Windows 3D.scr
* Creates c:\documents and settings\user\application
data\microsoft\asca.exe
* Deletes c:\documents and settings\user\applications data\Desktop.ini
* Moves c:\documents and settings\user\application
data\microsoft\asca.exe to c:\documents and settings\user\application

data\microsoft\dsh.exe
* Creates c:\windows\system32\Desktop.sys
* Creates c:\windows\system32\CommandPrompt.Sys
* Creates c:\documents and settings\user\application
data\microsoft\2029


Registry Activity

One or more files with the name RAREXTLOADER.EXE creates or modifies
the following registry keys and values:

*
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
HideFileExt value:
*
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
ShowSuperHidden value:
*
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
Hidden value:
*
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\CabinetState
FullPathAddress value:


--
Ecoclimber

-:an The Man ::-::::-

Does this only happen with Office apps?

"Ecoclimber" <> wrote in message
news:...
>
> Help, suddenly some of my programs will not open in Vista x64. I ran
> various Spyware, Malware and Anti Virus programs and they reported a
> clean system which may or may not mean anything. I started procexp64
> running in the background. What is unusual is that when I click on MS
> Excel or any other program that will not open, there is a sudden flash
> on Process Explorer screen displaying RarExtLoader.exe which then
> disappears. I cannot find Rarextloader.exe on my system.
>
> I know I downloaded WinRar utility from Cnet but info on
> rarextloader.exe brings up conflicting information. Could this be the
> program causing the problem with my programs not loading? If this is not
> the right thread please redirect as this is my first posing.
>
> '_http://www.prevx.com/filenames/1541310175317465311-X1/RAREXTLOADER.EXE.htm_'
> (http://www.prevx.com/filenames/15413...ADER.EXE.htm)l
>
> '_http://www.threatexpert.com/files/rarextloader.exe.html_'
> (http://www.threatexpert.com/files/rarextloader.exe.html)
> Associated Malware Groups
>
> The unsafe files using this name are associated with the malware group:
>
> * Worm
>
> File Behavior
>
> RAREXTLOADER.EXE has been seen to perform the following behavior:
>
> * This process creates other processes on disk
> * This Process is a file infector which modifies program files to
> include a copy of the infection
> * This Process Deletes Other Processes From Disk
> * Executes a Process
> * The Process is packed and/or encrypted using a software packing
> process
>
> RAREXTLOADER.EXE has been the subject of the following behavior:
>
> * Created as a process on disk
> * Executed as a Process
> * Created by processes which appear to be checking for interception by
> security products
> * Deleted as a process from disk
>
>
> Country Of Origin
>
> The filename RAREXTLOADER.EXE was first seen on May 24 2007 in the
> following geographical regions of the Prevx community:
>
> * SPAIN on May 24 2007
> * The UNITED STATES on May 24 2007
> * URUGUAY on Apr 7 2008
> * The UNITED KINGDOM on May 29 2009
>
> File Name Aliases
>
> RAREXTLOADER.EXE can also use the following file names:
>
> * 82568568.SVD
> * PORTABLE WINRAR/APP/RAREXTLOADER.EXE
> * 36544663.EXE
>
> Filesizes
>
> The following file size has been seen:
>
> * 66,560 bytes
> * 118,596 bytes
> * 74,137 bytes
> * 221,658 bytes
> * 21,504 bytes
>
> Vendor, Product and Version Information
>
> Files with the name RAREXTLOADER.EXE have been seen to have the
> following Vendor, Product and Version Information in the file header:
>
> * ; ; 1.0.0.0
>
>
> File Type
>
> The filename RAREXTLOADER.EXE refers to many versions of an executable
> program
>
>
>
> File Activity
>
> One or more files with the name RAREXTLOADER.EXE creates, deletes,
> copies or moves the following files and folders:
>
> * Creates c:\windows\system32\maxtrox.txt
> * Deletes c:\documents and settings\user\application data\desktop.ini
> * Creates c:\documents and settings\user\application data\Desktop.ini
> * Creates c:\documents and settings\user\application
> data\microsoft\Desktop.ini
> * Creates c:\documents and settings\user\applications data\Desktop.ini
> * Creates c:\windows\system32\Windows 3D.scr
> * Creates c:\documents and settings\user\application
> data\microsoft\asca.exe
> * Deletes c:\documents and settings\user\applications data\Desktop.ini
> * Moves c:\documents and settings\user\application
> data\microsoft\asca.exe to c:\documents and settings\user\application
>
> data\microsoft\dsh.exe
> * Creates c:\windows\system32\Desktop.sys
> * Creates c:\windows\system32\CommandPrompt.Sys
> * Creates c:\documents and settings\user\application
> data\microsoft\2029
>
>
> Registry Activity
>
> One or more files with the name RAREXTLOADER.EXE creates or modifies
> the following registry keys and values:
>
> *
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
> HideFileExt value:
> *
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
> ShowSuperHidden value:
> *
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
> Hidden value:
> *
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\CabinetState
> FullPathAddress value:
>
>
> --
> Ecoclimber
>
> -:an The Man ::--::::-