As a sympton this has been around for years, but, as the author points out, this variant is incredibly resistant to virus checkers. I had this for about a month and fiddled sporadically with virus checkers of various sorts and nothing suspicuous flagged up. Eventually I found a dll manually in the C:windows\system 32 with a "date modified" of 2008 but a date created of 2012. I renamed it ( it was wmpns.dll ) and to date Ive not experienced any more problems. wmpns is the name of a legitimate windows media player applet, but as I never use media player, and other sites say it can be used as a threat filename, I would be curious if you find a similar file.
↧