then delete the folder C:\ProgramData\Microsoft\Windows\Time\. You should also delete the registry key.
This is what it does:
“C:\ProgramData\Microsoft\Windows\Time\TimeServer. exe” -o stratum+tcp://pool1.us.multipool.us:7777 -u mijnmail.77 -p x -o stratum+tcp://lite80.coin-pool.com:80 -u mijnmail.77 -p x -o stratum+tcp://de1.miningpool.co:10901 -u mijnmail.77 -p x --scrypt --intensity d --worksize 32 --rotate 20
It tries to use your GFX for Bitcoin mining. It is so very stupid, as it used 100% GPU, so you easily notice it.
Update: All files have now been submitted to you! :P
This trojan will still be executed even if you run it with Comodo sandbox, obviously tried it just now!
So even though it will probably not be able to send out any data, IT WILL STILL put heavy load on the GPU! Hmm, why was it allowed through the firewall though???
Google is better at that, here ****://goo.gl/HkxjB1
Hyperlinks. Posting of shortened or obfuscated links is not allowed. Comodo Forums are about security and do not want to jeopardize members and visitors in any way or form by providing modified links.
With the default settings the firewall is set to show no alerts and allow outgoing traffic by all programs. It’s not a default we are happy with here at the forums. The programdata folders are not part of the protected files and folders hence why it slipped through the cracks.
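Added example, not part of the thread and not Comodo's code: since the default firewall policy lets the outbound connection through, the command line itself is the easiest thing to detect. This sketch flags process command lines like the one quoted above; the function name, the scoring rule and the sample records are assumptions, and the space in "TimeServer. exe" is assumed to be a forum artifact.

```python
import re

# Constructed sample records: the command line quoted in the thread
# (stray space in the file name removed) and one benign process for contrast.
SAMPLE_CMDLINES = [
    r'"C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe" '
    r'-o stratum+tcp://pool1.us.multipool.us:7777 -u mijnmail.77 -p x '
    r'-o stratum+tcp://lite80.coin-pool.com:80 -u mijnmail.77 -p x '
    r'-o stratum+tcp://de1.miningpool.co:10901 -u mijnmail.77 -p x '
    r'--scrypt --intensity d --worksize 32 --rotate 20',
    r'"C:\Windows\System32\w32tm.exe" /query /status',
]

STRATUM_RE = re.compile(r'stratum\+tcp://([A-Za-z0-9.-]+):(\d+)', re.I)
IMAGE_RE = re.compile(r'^\s*"([^"]+)"|^\s*(\S+)')
# Tuning flags taken from the command line in the thread.
MINER_FLAGS = ('--scrypt', '--intensity', '--worksize')


def analyse(cmdline):
    """Return the image path, pool endpoints, miner flags and a verdict."""
    m = IMAGE_RE.match(cmdline)
    image = (m.group(1) or m.group(2)) if m else ''
    pools = [(h.lower(), int(p)) for h, p in STRATUM_RE.findall(cmdline)]
    tokens = cmdline.lower().split()
    flags = [f for f in MINER_FLAGS if f in tokens]

    reasons = []
    if pools:
        reasons.append('stratum pool URL on command line')
    if flags:
        reasons.append('GPU miner tuning flags')
    # The thread notes ProgramData is not a protected folder by default.
    if image.lower().startswith('c:\\programdata\\'):
        reasons.append('executable runs from ProgramData')

    # Hypothetical rule: a pool URL alone is enough, otherwise need two signals.
    suspicious = bool(pools) or len(reasons) >= 2
    return {'image': image, 'pools': pools, 'flags': flags,
            'reasons': reasons, 'suspicious': suspicious}


if __name__ == '__main__':
    for line in SAMPLE_CMDLINES:
        r = analyse(line)
        print(r['suspicious'], r['image'], r['pools'], r['reasons'])
```
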