Understanding win32.downloader.gen malware found by SpyBot
I am a newbie here; just downloaded/ran SpyBot today, and it found win32.downloader.gen.
Reviewing the SpyBot log, I see three different last-modified date/timestamps on the dozen or so files associated with this malware.
Here are my questions about this malware:
Do last modified file date/timestamps give me a clue when this malware last did something? If they were all during 2013 (yes, I know, why did I only get Spybot now) then have I been secure since then?
I think this malware was effective on IE, but not on Chrome. If I am running Chrome for the last year+, then I think that is why these timestamps are only 2013 vintage. Is that plausible?
Can someone tell me a resource link that describes more robustly what things this malware could have done to me? It seems like it is an enabler that allows other malware to be installed. I need to know more specifics, if I can get them. Could it have enabled key logging? Could it have enabled theft of files off my PC hard drive?
Many thanks for all wise counsel ... I find it hard to piece together "what was done and when".
Seeking more forensic analysis clues rather than how-to-remove assistance
Quote: Originally posted by tashi
Hello nextchapter, welcome.
Please see this topic:
win32.downloader.gen
Let us know if that helps.
Best regards.
Thanks for your reply, tashi. I reviewed that thread. I should have mentioned that SpyBot appears to have removed this malware (and that I had no need of "run as admin" sorts of approaches, either). So, I believe I have gotten rid of it. My focus is two-fold: First, WHAT that virus might have done, or enabled other malware to have done, on my PC; and second, WHEN those activities happened.
I thought I'd start with seeing if Last Modified timestamps on the files of this malware could help me time-bracket its period of malicious behavior.
So ... if this is the wrong forum since SpyBot seems to have done its thing just fine, I quite understand ... any tips on where else (another internet security community, perhaps) I could go to seek expertise in the malware's behavior, rather than the methods for isolating and removing it?
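On the timestamp question, the following is an added example (not code from the thread or from Spybot) showing what the live file system can and cannot tell you. It reads the three timestamps Windows exposes per file (creation, last write, last access) for each path Spybot reported, checks whether NTFS is even maintaining last-access times on the machine, and flags files whose content is older than their creation on this disk, which is what a copied or extracted payload looks like. It assumes a hypothetical flagged.txt containing one full path per line, taken from the Spybot log. Two caveats the script cannot remove: these are the timestamps a program can freely rewrite, so they show when a file was placed or changed rather than when it last ran, and files Spybot has already deleted have no live timestamps left (only a disk image or the MFT could still supply them).

```powershell
# Added example, not from the thread. Lists the three NTFS timestamps Windows
# exposes per file for each path Spybot reported, and flags what they can and
# cannot tell you. Assumes a hypothetical file flagged.txt with one full path
# per line (take the paths from the Spybot log).

function Get-FlaggedFileTimes {
    param([string[]]$Paths)

    # Is NTFS still maintaining last-access times on this machine? Bit 0 set
    # (value 1 or 3) means it is not, so LastAccessTime says nothing about use.
    $fsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
    $lastAccessDisabled = $false
    try {
        $v = (Get-ItemProperty -Path $fsKey -Name NtfsDisableLastAccessUpdate -ErrorAction Stop).NtfsDisableLastAccessUpdate
        $lastAccessDisabled = (($v -band 1) -eq 1)
    } catch { }

    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            # Spybot already deleted it; the live file system has nothing left.
            # Only a disk image (or the MFT) could still give you its times.
            [pscustomobject]@{
                Path       = $p
                Created    = $null
                LastWrite  = $null
                LastAccess = $null
                Note       = 'removed; no live timestamps'
            }
            continue
        }
        $f = Get-Item -LiteralPath $p -Force
        $note = @()
        # Content older than its arrival on this disk: the file was copied or
        # extracted from an archive (or its times were set deliberately).
        if ($f.LastWriteTime -lt $f.CreationTime) {
            $note += 'written before created (copied/extracted, or timestomped)'
        }
        if ($lastAccessDisabled) {
            $note += 'last-access updates disabled on this volume'
        }
        [pscustomobject]@{
            Path       = $f.FullName
            Created    = $f.CreationTime
            LastWrite  = $f.LastWriteTime
            LastAccess = $f.LastAccessTime
            Note       = ($note -join '; ')
        }
    }
}

# Usage: one row per flagged path, oldest creation time first.
Get-FlaggedFileTimes -Paths (Get-Content -Path .\flagged.txt) |
    Sort-Object Created |
    Format-Table -AutoSize
```

The earliest Created value in the output is the best bracket the live system can give for when the files arrived; the LastWrite values bracket the last time their contents changed, not the last time they executed.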