Again infected with virus called TimeServer.exe!

Does CIS not check for digital signatures on files claiming to be Microsoft “files”, like this one I just got infected with?

The Trojan will get installed after you run the Setup.exe and will be located as below. Terminate all

C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
“C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe”

then delete the folder C:\ProgramData\Microsoft\Windows\Time\ and you should also delete the registry key

this is what it does
“C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe” -o stratum+tcp://pool1.us.multipool.us:7777 -u mijnmail.77 -p x -o stratum+tcp://lite80.coin-pool.com:80 -u mijnmail.77 -p x -o stratum+tcp://de1.miningpool.co:10901 -u mijnmail.77 -p x --scrypt --intensity d --worksize 32 --rotate 20

It tries to use your GFX for Bitcoin mining; it is so very stupid, as it used 100% GPU so you easily notice it

update: All files have now been submitted to you! :P

For getting assistance if you think you are infected :

thx, no need i can deal with it myself!

No problem, I meant this forum is about “News / Announcements / Feedback - CIS”
Maybe your case may be considered as a feedback though…

If this is not feedback what is it?

This trojan will still be executed even if you run it with Comodo sandbox, obviously tried it just now!
So even though it will probably not be able to send out any data, IT WILL STILL put heavy load on the GPU! hmm, why was it allowed through the firewall though???

“C:\VTRoot\HarddiskVolume2\ProgramData\Microsoft\Windows\Time”

Bitcoin mining

Just for some knowledge sharing could you plz explain… :slight_smile:

Google is better at that, here ****://goo.gl/HkxjB1 :slight_smile:

Hyperlinks. Posting of shortened or obfuscated links is not allowed. Comodo Forums are about security and do not want to jeopardize members and visitors in any way or form by providing modified links.

With the default settings the firewall is set to show no alerts and allow outgoing traffic by all programs. It’s not a default we are happy with here at the forums. The programdata folders are not part of the protected files and folders hence why it slipped through the cracks.
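
The indicators reported in this thread (an executable under ProgramData\Microsoft started with stratum+tcp pool arguments and miner switches) can be checked against process command lines, as in this added example, which is not part of the original posts and not Comodo code. The function names, the two-indicator threshold and the second and third sample lines are assumptions constructed for illustration; the first sample is the command line quoted above.

```python
import re
from urllib.parse import urlsplit

# Switches taken from the miner command line quoted in this thread.
MINER_SWITCHES = {"--scrypt", "--intensity", "--worksize", "--rotate"}
POOL_URL = re.compile(r"stratum\+tcp://[^\s\"]+", re.IGNORECASE)
# Image claims a Microsoft location, but the folder is ordinary writable data.
SUSPECT_DIR = re.compile(r"^[a-z]:\\programdata\\microsoft\\", re.IGNORECASE)

def split_image(cmdline):
    """Return (image_path, arguments); the image path may be quoted."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        if end != -1:
            return cmdline[1:end], cmdline[end + 1:]
    image, _, rest = cmdline.partition(" ")
    return image, rest

def assess(cmdline):
    """Collect indicators; alert only when two or more agree (assumed threshold)."""
    image, args = split_image(cmdline)
    pools = sorted({urlsplit(u).hostname for u in POOL_URL.findall(args)})
    reasons = []
    if SUSPECT_DIR.match(image):
        reasons.append("image under ProgramData\\Microsoft")
    if pools:
        reasons.append("stratum pool: " + ", ".join(pools))
    hits = sorted(MINER_SWITCHES & set(args.split()))
    if hits:
        reasons.append("miner switches: " + " ".join(hits))
    return {"image": image, "pools": pools, "reasons": reasons,
            "alert": len(reasons) >= 2}

SAMPLES = [
    # Command line as posted in the thread.
    r'"C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe" '
    r'-o stratum+tcp://pool1.us.multipool.us:7777 -u mijnmail.77 -p x '
    r'-o stratum+tcp://lite80.coin-pool.com:80 -u mijnmail.77 -p x '
    r'-o stratum+tcp://de1.miningpool.co:10901 -u mijnmail.77 -p x '
    r'--scrypt --intensity d --worksize 32 --rotate 20',
    # Constructed benign samples: one location match alone must not alert.
    r'"C:\ProgramData\Microsoft\Windows Defender\Platform\0.0.0.0-0\MsMpEng.exe"',
    r'C:\Windows\System32\svchost.exe -k netsvcs',
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = assess(line)
        print(result["alert"], result["image"], result["reasons"])
```

The location check alone matches legitimate software as well, which is why the alert requires a second indicator.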