windowstime.exe infected?

Avast said windowstime.exe was infected with a dropper and moved it to the vault. Isn’t that something Windows needs? Thanks for any info.

That filename is also found to be a rogue antispyware program…
The only way to test is to upload the file to www.virustotal.com and test with 40+ malware scanners.

Thanks for the reply. I’m wondering though, if it’s infected and I get rid of it, do I need to get the original (if needed by Windows) and replace it? If so, where do I get it from?

I uploaded it and it said 14 of 45 (different results: dropper, miner, trojan, and other various things)

Hi,

If this file is located in C:\Windows\System and it has “HKLM | HKCU/ … / Run” key as loading point then it is worm\trojan.
I will be working on your Malware issues if you will. During this case I will use multiple tools for the best possible analysis and malware removal.

Please download Farbar Recovery Scan Tool and Zoek.exe and save both tools to your Desktop.

Note for Farbar Recovery Scan Tool (aka FRST):
You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

Note for Zoek.exe:
Do not launch Zoek.exe yet! We shall use it later.

FRST Scan:

- Double-click on FRST/FRST64 to run it. When the tool opens, click Yes to the disclaimer.
- Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

I uploaded it and it said 14 of 45 (different results: dropper, miner, trojan, and other various things)
Post link to scan result....
I'm wondering though, if it's infected and I get rid of it,
Well, if Avast moved it to the chest... then Avast got rid of it. However, there may be additional files to remove... magna86 will find out, so follow his advice ;)

Thanks for the quick reply and help. Trying to help a friend out, but never saw that type of infection before. It’s his work machine and he’s worried about losing stuff, but it seems okay. Thanks again for double checking.

Hi,

From the logs I can see that this is not a private computer but a computer used for business?
I am not paid to do this; I set aside my free time to be a helper. If your friend earns on that machine, it’s in order to pay someone to clean it up.

Sorry.

No problem, I completely understand and will let him know.