This is your scan of pkiviewt.dll. I got this by using the
checksum value you posted, and feeding that back into Virustotal.
This would be what you saw on your scan.

Now, one thing pretty strange about your file is the size.
262144 bytes. How often is a file like that an exact power-of-two?
If it was me, I would pop it in a hex editor for a look. Perhaps
the size is an indication of the delivery vehicle. Rather than
being installed, it was downloaded somehow, and that file
is not the primary malware.

Another strange thing is there isn't the usual file analysis
offered. Almost as if the file doesn't have header characteristics
of an executable. Usually, there is a bit more info in the
"Additional Information" tab.
https://www.virustotal.com/en/file/...08704e2e7b3b37a0a5ac1bda8582495d33e/analysis/
Fortinet W32/Ponmocup.GZ!tr 20130821
Ikarus Trojan.Win32.Pirminay 20130821
http://www.microsoft.com/security/p...r:Win32/Ponmocup.A&ThreatID=-2147337205#tab=2
"Threat behavior
TrojanDownloader:Win32/Ponmocup.A is a trojan that silently downloads
and installs other programs without consent. This could include the
installation of additional malware or malware components to an affected
machine.
TrojanDownloader:Win32/Ponmocup.A creates the following file(s) on an affected machine:
%windir%\temp\scse.tmp
%windir%\temp\scsf.tmp
<system folder>\drivers\etc\hosts
c:\documents and settings\administratorxplore.exe
"
That seems like a pretty concrete thing to work on.
Maybe the free version of Malwarebytes could be used
to scan the computer.
I didn't find much for Trojan.Win32.Pirminay. Note
that I don't click on that many links when I search
for one of those. There are plenty of sites offering
help, but which one do you trust?
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/Vundo.KAT
While your scan results have the earmarks of false
positives, the fact you feel you're infected makes
the results more significant.
Paul
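
A scripted version of the first look the post suggests doing in a hex editor, as an added example that is not part of the original post: it reports whether a file's size is an exact power of two, whether it carries the MZ/PE signatures of a Windows executable, and its byte entropy. The function names and both sample buffers are constructed for illustration.

```python
import math
import struct
import sys
from collections import Counter

def is_power_of_two(n: int) -> bool:
    """True for 1, 2, 4, ... (exactly one bit set)."""
    return n > 0 and n & (n - 1) == 0

def pe_header_state(data: bytes) -> str:
    """Classify the header: 'pe', 'mz-only' (MZ but no valid PE signature), or 'none'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "none"
    # e_lfanew at offset 0x3C holds the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return "pe"
    return "mz-only"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; values near 8 suggest packed or encrypted content."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def triage(data: bytes) -> dict:
    return {
        "size": len(data),
        "power_of_two_size": is_power_of_two(len(data)),
        "header": pe_header_state(data),
        "entropy": round(shannon_entropy(data), 2),
    }

# Constructed samples (not the file from the post): a 262144-byte blob with no
# executable header, and a small buffer carrying valid MZ and PE signatures.
BLOB = bytes(range(256)) * 1024
STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 56

if __name__ == "__main__":
    if len(sys.argv) > 1:  # triage a real file: python triage.py <path>
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        print(triage(BLOB))
        print(triage(STUB))
```

A result of `"header": "none"` on a file named `.dll` matches the observation above that the scan offered none of the usual executable analysis.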