Understanding win32.downloader.gen malware found by SpyBot

nextchapter

New member
I am a newbie here; just downloaded/ran SpyBot today, and it found win32.downloader.gen.

Reviewing the SpyBot log, I see three different last-modified date/timestamps on the dozen or so files associated with this malware.

Here are my questions about this malware:

Do last-modified file date/timestamps give me a clue as to when this malware last did something? If they were all during 2013 (yes, I know, why did I only get Spybot now), then have I been secure since then?

I think this malware was effective on IE, but not on Chrome. If I have been running Chrome for the last year+, then I think that is why these timestamps are only 2013 vintage. Is that plausible?

Can someone point me to a resource link that describes more robustly what this malware could have done to me? It seems like it is an enabler that allows other malware to be installed. I need to know more specifics, if I can get them. Could it have enabled key logging? Could it have enabled theft of files off my PC hard drive?

Much thanks for all wise counsel ... I find it hard to piece together "what was done and when"
 
Last edited by a moderator:
Seeking more forensic analysis clues rather than how-to-remove assistance
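The post above asks whether a file's last-modified timestamp brackets when the malware was active. A practitioner answering that would first want to see all of the NTFS timestamps side by side, because Explorer and most scanner logs show only one of them. The PowerShell below is an added example for this thread, not anything the poster ran or that Spybot produces: it takes a list of file paths (the two paths shown are placeholders; substitute the ones from your own Spybot log) and reports creation, last-write and last-access times in UTC, plus a flag for the common case where a dropped file keeps the last-write time of the copy it was downloaded from, so its creation time on this volume is the later, and more useful, "when did it land here" value.

```powershell
# Added example, not from the thread. Paths are placeholders; replace them with
# the file paths listed in your Spybot log. Run before the files are removed,
# or against a backup/quarantine copy if Spybot has already deleted them.
$suspectFiles = @(
    "$env:APPDATA\example\dropped1.dll",   # placeholder path
    "$env:TEMP\example\dropped2.exe"       # placeholder path
)

function Get-SuspectFileTimes {
    param([string[]]$Paths)

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Output "$path : not present (Spybot may already have removed it)"
            continue
        }
        # -Force also returns hidden/system files, which droppers often set.
        $f = Get-Item -LiteralPath $path -Force

        # LastWriteTime  = last time the file's contents were written.
        # CreationTime   = when this copy of the file appeared on this volume.
        # LastAccessTime = last read (often disabled by Windows; treat as unreliable).
        # A downloaded or copied file usually keeps the source's LastWriteTime,
        # so CreationTime later than LastWriteTime means "dropped here at CreationTime".
        [pscustomobject]@{
            Path                  = $path
            CreationUtc           = $f.CreationTimeUtc
            LastWriteUtc          = $f.LastWriteTimeUtc
            LastAccessUtc         = $f.LastAccessTimeUtc
            DroppedAfterLastWrite = ($f.CreationTimeUtc -gt $f.LastWriteTimeUtc)
        }
    }
}

Get-SuspectFileTimes -Paths $suspectFiles | Format-Table -AutoSize
```

Two caveats belong with this output. None of these timestamps records when a file was last executed; they only record writes to the file itself, so a 2013 last-write time bounds when the file was last changed, not when it last ran. And all three values are ordinary file metadata that any program running as the user can set to whatever it likes, so a timeline built only from them should be cross-checked against sources the malware is less likely to have touched, such as the Windows event logs and the scanner's own detection log.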

Hello nextchapter, welcome!

Please see this topic: win32.downloader.gen

Let us know if that helps.

Best regards.

Thanks for your reply, tashi. I reviewed that thread. I should have mentioned that SpyBot appears to have removed this malware (and that I had no need of "run as admin" sorts of approaches, either). So, I believe I have gotten rid of it. My focus is two-fold: First, WHAT that virus might have done, or enabled other malware to have done, on my PC; and second, WHEN those activities happened.

I thought I'd start with seeing if Last Modified timestamps on the files of this malware could help me time-bracket its period of malicious behavior.

So ... if this is the wrong forum since SpyBot seems to have done its thing just fine, I quite understand ... any tips on where else (another internet security community, perhaps) I could go to seek expertise in the malware's behavior, rather than the methods for isolating and removing it?
 