Comment: Might not be a false warning.

I got the warning. I clicked through. I got hit. (Can't say for sure it was the DP, but the only sites I've visited today are the same sites I visit pretty much every day, and only at the DP did I get a malware warning, and this is only the 2nd virus I've seen in about 6 years -- sounds like quite a coincidence if it wasn't the DP.)

The thing deposited two files in my "C:\ProgramData" directory:

07/12/2012 11:02 AM 91,136 attrrcpl.dll
07/12/2012 11:02 AM 92,672 attrrcpl64.dll

It also deposited the following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ciphnime"="rundll32 \"C:\\ProgramData\\attrrcpl64.dll\",CreateProcessNotify"

Those file names and registry key may be random, so if you want to check your own box, just look for any new .dll in "C:\ProgramData" (this is on Vista, the directory may be different under a different Windows version) and run "regedit" and check for anything suspicious in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run".
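
The manual check described in the comment above, as an added PowerShell example that is not part of the original comment. The `$Root` and `$Days` parameters and the seven-day window are assumptions chosen for illustration; run it as the affected user, since the key is under HKEY_CURRENT_USER.

```powershell
# Added example: triage for the pattern the comment reports, a DLL dropped in
# the ProgramData root and launched through rundll32 from the per-user Run key.
param(
    [string]$Root = $env:ProgramData,  # C:\ProgramData on Vista and later
    [int]$Days = 7                     # assumed window for what counts as "new"
)

$cutoff = (Get-Date).AddDays(-$Days)

# 1. DLLs sitting directly in the ProgramData root, newest first.
#    -Force includes hidden and system files.
$dlls = Get-ChildItem -LiteralPath $Root -Filter *.dll -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object CreationTime -Descending |
    Select-Object Name, Length, CreationTime,
        @{ Name = 'Recent'; Expression = { $_.CreationTime -ge $cutoff } }

# 2. Every value under the per-user Run key, flagged when the command uses
#    rundll32 or points at a file under $Root.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
$entries = if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        $usesRundll = $cmd -match '(?i)\brundll32(\.exe)?\b'
        $inRoot = $cmd.IndexOf($Root, [StringComparison]::OrdinalIgnoreCase) -ge 0
        New-Object PSObject -Property @{
            Name       = $name
            Command    = $cmd
            Rundll32   = $usesRundll
            InRoot     = $inRoot
            Suspicious = ($usesRundll -or $inRoot)
        }
    }
}

"DLLs in ${Root}:"
$dlls | Format-Table -AutoSize
"Run key entries (HKCU):"
$entries | Sort-Object Suspicious -Descending |
    Format-List Name, Command, Rundll32, InRoot, Suspicious
```

An entry flagged `Suspicious` is a lead to examine, not a verdict: legitimate software also uses rundll32 and ProgramData, so compare each hit against what is installed on the machine.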