Get date on hits?

[mekno]

I am new to SBD, I've been all through Tutorial and FAQ's and still
confused as to how to see the date of Log entries. Tutorial says go into
ADVANCED mode. I've done that. I don't see any button on set date.
Entires come up on scan, but hitting button on right does not show
any date. Another place says Logfile settings will show date. I don't
see any place to set Logfile settings? What am I missing? This is not a bug
to report, juat an honest effort to see. I don't require the time.
One thing I noticed is I have some alarming things on first run that
Adaware did not pick up, and I'd like to know if they are very old.
Thanks....Actually me don't know too much. I am the recent release
with update 1/20/2006

[md usa spybot fan]

I am new to SBD, I've been all through Tutorial and FAQ's and still confused as to how to see the date of Log entries.

I am somewhat confused as to which "Log entries" you are "confused as to how to see the date" on. I may be able to help if you could specify specifically which "Log entries" you are referring to.

If you are talking about the logs produced during scan and fixes, perhaps the following may help:

• By default here are two Checks.yymmdd-hhmm logs produced during a scan. The second Checks.yymmdd-hhmm has the details of what the scan found. A Fixes.yymmdd-hhmm log is produced if you fix or attempt to fix something.
  
  
• There are two methods to view that information:
  
  • Method 1:
    
    • Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Pervious reports. Look for the last Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm from when you got the error message.
  • Method 2
    
    • The Checks.yymmdd-hhmm and Fixes.yymmdd-hhmm files are stored in the following folders:
      
      • Windows 95 or 98:
        C:\Windows\Application Data\Spybot - Search & Destroy\Logs
      • Windows ME:
        C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
      • Windows NT, 2000 or XP:
        C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
    • Using Windows Explorer, navigate to the correct Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm file. Double click on it and it should open with Notepad.

[mekno]

Thanks Fan...That was very informative about tools etc.
The only scan I'm aware of is the one caused by 'Check for Problems'
button... It is true I did not go to advanced mode on the 1st try.
I got hits on Xupiter,Shopnow,Gator,Alexa related, Huntbar (info but no date
on right side) None of these were picked up on the prior run of AdawareSE
I thought if I did a recovery that I might see the date the infection occurred.
Sooo.., did that,made sure I was in advanced mode, then reran the
Check for Problems, and checked all the logs... Again the only dates
listed in the logs, checks etc of the date run was the date of the scan.
I guess I don't have to be too concerned for the future as I do have
teetime and intend to keep updated. I just don't understand what the
turtorial is trying to tell me. Thanks, again

[mekno]

I've done this a number of times since, and still the only dates I see
in each instance are the date of the scan. For instance I let 3 days go by
ran the check for problems, got 6 hits of cookies, 1 of which had 3 hits,
I would have assumed they wre 3 different days, but all of the files only
showed the same day of the run. In all instances the Advanced Mode was
still on. Either I am still doing something wrong or the tutorial needs up-
dating. Mekno....???

[bitman]

mekno: Spybot S&D doesn't directly try to determine the date(s) the spyware first entered your system. Though in some cases portions of the logs do display dates that files were created such as BHOs or ActiveX, not all are displayed, especially the Startup entries.

Here's an example of the Acrobat Reader BHO showing dates and other info:

Code:

--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
          BHO name: 
        CLSID name: AcroIEHlprObj Class
       description: Adobe Acrobat reader
    classification: Legitimate
    known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
         info link: http://www.adobe.com/products/acrobat/readstep2.html
       info source: TonyKlein
              Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
         Long name:   AcroIEHelper.dll
        Short name:       ACROIE~1.DLL
    Date (created): 9/23/2005 7:12:08 PM
Date (last access): 1/31/2006 8:06:08 AM
 Date (last write): 9/23/2005 7:12:08 PM
          Filesize:              63136
        Attributes:           archive 
               MD5: B61D5D651ECC6055C29BF826CA7B1141
             CRC32:           FEF15799
           Version:          7.0.5.172

Note that this Startup entry for Acrobat Reader doesn't list dates though:

Code:

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
   file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
   size: 29696
    MD5: 43362b96870ce8649f4f2ec893da93f0

Spybot S&D is not designed to perform forensics or to aid in determining how or when the PC became infected. Though a few dates may be displayed, this is simply a side effect of this information being available to the programmer to display and not a specific attempt to provide forensic data.

To display the log containing this info, go to Advanced Mode > Tools > View Report > View report.