Originally Posted by bearpunk
Am I wrong in thinking the dates on files are a giveaway?...
Dates can be a clue, but you shouldn't go by that alone. The operating system and your programs will create or modify different files as part of their normal operation, so the fact that a file was modified/created on a date that you didn't manipulate any files isn't an absolute indication that the file is malware-related.
Some other factors that can help you determine whether a file is malicious or not:
* The exact time of creation/modification. If you find a clump of files whose timestamps (as well as datestamps) are identical or very close, chances are good that the files were created/modified by the same process.
* No identifying information (version #, company name, etc.) in a file's properties pages. Such "anonymous" files are always worth looking into.
* Random or "garbage" filenames. For instance, common sense should indicate that a file named "11Fßä#·ºÄÖ`I" just might be malicious.
* Files whose names are almost identical to normal/legit files: scvhost.exe instead of svchost.exe, for example.
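An added example, not part of the original post: a small triage script for two of the checks above, clumps of near-identical timestamps and names one edit away from a legitimate file. The `KNOWN_GOOD` list, the 2-second window, the minimum clump size and the sample listing are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed short list of legitimate Windows file names (illustrative, not exhaustive).
KNOWN_GOOD = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe", "winlogon.exe"}

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[-1][-1]

def lookalike_of(name):
    """Return the legitimate name this one is a single edit away from, else None."""
    name = name.lower()
    if name in KNOWN_GOOD:
        return None
    return next((g for g in sorted(KNOWN_GOOD) if osa_distance(name, g) == 1), None)

def timestamp_clumps(files, window=timedelta(seconds=2), min_size=3):
    """Group (name, mtime) pairs whose times are within `window` of the previous file."""
    clumps, current = [], []
    for name, ts in sorted(files, key=lambda f: f[1]):
        if current and ts - current[-1][1] > window:
            clumps.append(current)
            current = []
        current.append((name, ts))
    clumps.append(current)
    return [[n for n, _ in c] for c in clumps if len(c) >= min_size]

# Constructed sample listing (file name, modification time); not taken from the thread.
T = datetime(2024, 1, 5, 3, 14, 7)
SAMPLE = [
    ("notes.txt", T - timedelta(days=40)),
    ("scvhost.exe", T),
    ("qx7zk.dll", T + timedelta(seconds=1)),
    ("wmhelper.dat", T + timedelta(seconds=1)),
    ("report.doc", T + timedelta(hours=9)),
]

if __name__ == "__main__":
    print(timestamp_clumps(SAMPLE), [(n, lookalike_of(n)) for n, _ in SAMPLE if lookalike_of(n)])
```

A hit from either check is a reason to look closer at a file, not a verdict on it; legitimate installers and updates also write many files within the same second.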