The .rar extension is associated with both the bat.rahiworm Trojan horse virus (July 3, 2001) and W32.HLLO.Rozak virus (Feb. 18, 2002, a very new virus). Only www.symantec.com has information on the W32.HLLO.Rozak since it is so new.
Both are easy to remove using the Symantec antivirus tools. Both modify the following file types: exe, mpg, mpg4, zip, doc, rar, avi and bat.
Ensure you have the current updated virus definitions and run the Symantec tool. Run a full systems scan including ALL FILES (exe, compressed 'zip,' dat, etc). Have the program "DELETE" all infected files, then recover those files from vendors or trusted sources. Recovery of these files may be difficult due to backup virus corruption as well. Be careful upon removing. Delete all files found to be infected, do not quarantine.
If you need further assistance go to the Symantec site and type both the virus and Trojan names. Ensure you clean all media and all files.
For more information on this topic, visit these other SearchSecurity.com resources:
Virus Prevention Tip: Cleaning out a virus infection
Virus Prevention Tip: Fear no attachments
Best Web Links: Common Vulnerabilities & Prevention Tips
This was first published in March 2002