Running WinRar v3.93 (cracked with key) made CIS crash [261]

I’ve downloaded the latest version of WinRar (cracked and with some keygen) from this adress:

and after I’ve downloaded it, I’ve scanned it with CIS and it said that there’s no threats !

Then I’ve used my trial WinRar software to extract the contents from the rar archive but I’ve received an alert from D+ saying that “WinRar needs to create a folder/file and that WinRar is a safe application…” !
Being suspicious about the site from which I’ve downloaded it (thank the WOT addon from my Firefox that gaved me yellow rating for this site) I’ve chosed the “make a windows system restore point” option in the D+ alert that popped up and then gaved the OK !
Then… Boom ! I’ve received the message window from CIS saying that it encountered a problem and needs to close !
Immediatelly then I’ve manually reseted my pc and then deleted the archive which I’ve downloaded !

So if anyone that has a testing pc for malware and wants to try and download that for testing, be my guest ! I’m not repeating that experience since this is my only pc !
I’m using win xp pro sp3 x32 !
Will do a full scan now to see if I’ve been infected !

Please don’t post links to live possible malware on the public boards.

If someone want’s to test this, please PM an active Mod for the link.

Dang, forgot that one ! Sorry !

Please keep me posted about this ! I really like to know if that was dangerous !

We would very much appreciate it if you would submit your bug report in the format requested here. For the reasons why see below.

In this case a crash dump file from CIS would be deeply appreciated.

Many thanks in anticipation

Mouse

WHY YOU SHOULD FOLLOW THESE GUIDELINES
Bugs/issues can be impossible or very time consuming to fix if not well described. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

The bug/issue

  1. What you did: downloaded the latest WinRar v3.93 (cracked with key) from the site in this pic ImageShack - Best place for all of your image hosting and image sharing needs
  2. What actually happened or you actually saw: after download, I’ve scanned the archive (see pic) ImageShack - Best place for all of your image hosting and image sharing needs and CIS said there’s no threats. Then I’ve tried to extract the contents of the archive using my WinRar v3.80.0.0 (trial) (see pic) ImageShack - Best place for all of your image hosting and image sharing needs. After that I’ve received a D+ alert (see pic) ImageShack - Best place for all of your image hosting and image sharing needs where I choosed the option “create a windows system restore point” and then I’ve pressed OK. As soon as I’ve hit the OK button I’ve received this (see pic) ImageShack - Best place for all of your image hosting and image sharing needs. Then I’ve pressed the Close buton on CIS window and after that I’ve received this message from my Winrar software (see pic) ImageShack - Best place for all of your image hosting and image sharing needs.
  3. What you expected to happen or see: since I’ve scanned the archive with CIS and it said is ok, I’ve expected to be able to extract the contents from the archive.
  4. How you tried to fix it & what happened: didn’t tried to fix it, when I’ve received the alert from CIS saying that it needs to close, I’ve manually restarted my pc and today I’ve retraced my steps (after I did a win sys restore point) to be able to compile this bug report.
  5. Details (exact version) of any software involved with download link: the only software involved with the download link was Firefox v3.6.10.
  6. Any other information you think may help us: it seems that the crashing of CIS was caused by cfp.exe which from what you can see from the win event viewer is an older version (see pic) ImageShack - Best place for all of your image hosting and image sharing needs

Files appended

  1. Screenshots illustrating the bug: see the following pics ImageShack - Best place for all of your image hosting and image sharing needs and ImageShack - Best place for all of your image hosting and image sharing needs
  2. Screenshots of related event logs or the active processes list: CIS D+ event pic ImageShack - Best place for all of your image hosting and image sharing needs
  3. A CIS config report or file. I have the file but I don’t know how to submit it in this report
  4. Crash or freeze dump file: since I’ve restarted my pc it didn’t create one or at least I think so (please tell me where to look for it)

My set-up

  1. CIS version & configuration used: my CIS version is the newest one, internet security configuration.
  2. Whether you imported a configuration, if so from what version: not aplicable
  3. Defense+ and Sandbox OR Firewall security level: D+ paranoid, Firewall in custom policy, Av is on access, sandbox is disabled.
  4. OS version, service pack, no of bits, UAC setting, & account type: windows xp pro, sp3 fully updated, x32, user account.
  5. Other security and utility software running:not aplicable
  6. CIS AV database version: 6114

P.S. Waiting for the info on how to submit my cis config file in this report.

It seems that this bug closes CIS interface. After that I’ve double-clicked the icon from desktop to start CIS again but didn’t looked to see in the task manager if CIS was still running. Will try to recreate to check.

EDIT: It seems now that extracting the contents from that archive doesn’t cause CIS to crash, I don’t even receive an alert from D+ (must be because I checked the “remember my answer” option) so I cannot recreate to see if it only causes CIS to close the user interface or to also close his processes from Task Manager !

Thanks for very well described issue.

You’ll find help in locating the crash dump here.

When you append this I will transfer to verified issues

Best wishes

Mouse

K, the CISDumps folder is empty but I’ve run Dr. Watson and found his user.dmp file but how do I submit it here in this report ?
U told me how to find it but didn’t told me how to submit it !

Oh, and also tell me how to submit my CIS config file in this report !

P.S. I didn’t use that WinRar 3.93 ! I was downloading it and used my 3.80.0.0 trial version to extract the archive that I’ve downloaded !
Maybe it interfered with my trial installed WinRar !

There are also three files from my trial installed winrar that are suspicious to av or D+ which I’ve put them on ignore list !

EDIT: Yep, in the av exclusion list ! The files are:

C:\Program Files\WinRar\Default.SFX
C:\Program Files\WinRar\WinCon.SFX
C:\Program Files\WinRar\Zip.SFX

Sorry will add this to the guidance.

When you reply you will find a little arrow and the red words ‘Additional options’ just below the text box. Use the attach sub-option. You’ll need to zip the files. If you have any problems (ie the files are too large) please PM me.

Many thanks

Mouse

Ok, here’s my CIS config file and the user.dmp file from Dr. Watson !
Hope this one will be solved !

Thanks for your help !

[attachment deleted by admin]

[attachment deleted by admin]

Ta transferring now!

Thanks for all your help

Mouse