Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How can I see the exact date a virus/trojan infected my computer?


  • Please log in to reply
3 replies to this topic

#1 kurtgillis12

kurtgillis12

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 08 March 2016 - 08:02 AM

My old laptop(XP) has had trojans and backdoor problems in the past. Just out of curiosity, i downloaded malwatebyes antimalware and scanned it. There were quite a few infections on it, which I didn't remove. I first wanted to see if there was a way to see when they infected me. (Specific date)

Dont worry about helping me remove them, I'm not planning on taking this computer out of retirement for good.

Thanks for any help!

BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 08 March 2016 - 08:10 AM

Hi kurtgillis12 :)

One tactic malware uses to stay under the radar and make sure that they don't get noticed by the user, is to change their creation and/or last modification date. So let's say that you find an executable called malicious.exe, even though it infected you a month ago, it's possible that it changed it's created date to somewhere in 2012 to throw you off. I don't encounter a lot of malware that do that, but it's a possibility. Personally, I usually go by the creation/last modification date and time of the malicious file, unless it's something unrealistic like years ago, and I know that the system was infected just recently.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 kurtgillis12

kurtgillis12
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 08 March 2016 - 12:33 PM

Hi kurtgillis12 :)One tactic malware uses to stay under the radar and make sure that they don't get noticed by the user, is to change their creation and/or last modification date. So let's say that you find an executable called malicious.exe, even though it infected you a month ago, it's possible that it changed it's created date to somewhere in 2012 to throw you off. I don't encounter a lot of malware that do that, but it's a possibility. Personally, I usually go by the creation/last modification date and time of the malicious file, unless it's something unrealistic like years ago, and I know that the system was infected just recently.


Thanks Aura!

So to see the creation or last modification date do I just find the file location and then go to properties or something?

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 08 March 2016 - 12:37 PM

Yes. Right-click on the file and select Properties.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users