Saturday 10 August 2013

timeserver.exe*32 and windowstime.exe*32

You're concentrating on the presence of those files in that location without wondering how they got there.

If you have a bitcoin-mining program running you'll notice constant high CPU and/or GPU usage. That's a definite clue. But the bitcoin-mining processes may not be the only signs of infection to look for. Something had to put them on your system.

McAfee firewall is only effective against malware threats up to a point. If you allow a program to download and run, you bypass the firewall checks. If you use IRC, uTorrent or P2P you bypass the firewall. And if you've got an out-of-date version of Java or Reader (among other favourite attack vectors) then an exploit kit can infect you despite having an AV program running. Of course, the first thing serious malware does is to cripple your antivirus protection (yes, there are ways to do it).

Your PC may have malware running that co-opts you into a botnet, in which case if you just clean the visible symptoms of bitcoin mining today you could be re-infected tomorrow. You may have a rootkit - ZeroAccess is sometimes used for bitcoin mining.

I would advise running something a bit stronger than MSE or Malwarebytes to check your system. Rootkit Remover, Stinger, GMER for a start. If you have a serious infection you may need specialist help from one of the specialist forums.

Of course, you may be lucky. Maybe you're not a part of a botnet, maybe you've not been pwned. But I wouldn't count on it.

https://krebsonsecurity.com/2013/07/botcoin-bitcoin-mining-by-botnet/

http://uga-group.com/forum/t.Timeserver-exe-Bitcoin-Miner

http://www.bleepingcomputer.com/startups/windowstime.exe-21282.html

https://secure2.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Dloadr-AQV/detailed-analysis.aspx
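The two clues the reply above leans on, sustained CPU use and an autostart entry that put the file there, can be checked from an elevated PowerShell prompt. This is an added triage script, not part of the original post or of any of the linked write-ups; the five-second sampling window and the two Run keys it inspects are assumptions.

```powershell
# Added triage script (not from the original post): looks for the two miner
# process names discussed above, reports where each image runs from, samples
# CPU use over a short window, and lists Run-key entries that reference them.
# Run from an elevated PowerShell so that process paths are readable.
$suspectNames  = @('timeserver', 'windowstime')
$sampleSeconds = 5                                   # assumed sampling window
$cores         = [Environment]::ProcessorCount

$procs = Get-Process -Name $suspectNames -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Host "No process named timeserver.exe or windowstime.exe is running."
} else {
    # Two CPU-time samples a few seconds apart: a miner keeps one or more
    # cores saturated, so the delta approaches 100% of a core for the window.
    $before = @{}
    foreach ($p in $procs) { $before[$p.Id] = $p.CPU }
    Start-Sleep -Seconds $sampleSeconds
    foreach ($p in $procs) {
        $p.Refresh()
        $busyPct = (($p.CPU - $before[$p.Id]) / $sampleSeconds / $cores) * 100
        $path = $p.Path                               # $null when access is denied
        [pscustomobject]@{
            Name              = $p.ProcessName
            PID               = $p.Id
            Path              = $path
            CpuPercentOfBox   = [math]::Round($busyPct, 1)
            OutsideWindowsDir = [bool]($path -and ($path -notlike "$env:SystemRoot\*"))
        }
    }
}

# Persistence check: autostart values that point at either file name.
# Only the two classic Run keys are inspected here (assumption); a real
# rootkit such as ZeroAccess hides elsewhere, which is why the reply above
# recommends dedicated rootkit scanners rather than this kind of check.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $entries = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $entries) { continue }
    foreach ($prop in $entries.PSObject.Properties) {
        if ($prop.Value -match 'timeserver\.exe|windowstime\.exe') {
            Write-Host "Autostart entry ${key}\$($prop.Name) -> $($prop.Value)"
        }
    }
}
```

A process that sits near 100% of one core for the whole window while no user application is busy is the symptom described above; the Run-key hit, if any, is the "how it got there" part and should be kept for the specialist forum rather than simply deleted.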

