system
5
Hi David,
Thanks for your response.
First - Please 'modify' your post [b]change the URL from http to hXXp or www to wXw[/b], to break the link and avoid accidental exposure to suspect sites, thanks.
Done!
You could also check the usrcrtTime.dll file at: [url=http://www.virustotal.com/][b]VirusTotal - Multi engine on-line virus scanner[/b][/url] and [b]report the findings here, post the URL in the Address bar of the VT results page[/b].
Done!
Here’s the link:
http://www.virustotal.com/file-scan/report.html?id=182a145511e6e30cb03ff357396de4fca617806e416a34838688384af6863b3f-1323711187
If not detected by avast! which it doesn't appear to all that it is registering is that this file tried to make the connection to the site with click.php.
This file is not being detected by Avast! It did block access to the webserver, though.
- Send the usrcrtTime.dll sample to avast as a possible Undetected Malware:
Open the chest...
Done!
Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.
I had already renamed the file, so it’s still sitting where I found it, but not doing anything. Good that you told me, though. I’d assuming “adding to chest” was more like “moving to chest.”
I keep getting popup messages saying that the .dll can’t be found, so there is some process running that’s trying to access it. Any idea on how to find it?
MalwareBytes Anti-Malware (MBAM)...
I’ve actually been running MBAM since I found this virus today. It’s been running for over two hours, and so far has reported two objects infected.
Thanks for your help!
I await more advice on what to look for now that this virus has been found.