Can we answer the question "How did my computer become infected?"

Brink
Posts: 283
Joined: Thu Jun 12, 2014 3:36 pm

Can we answer the question "How did my computer become infected?"

Post by Brink »

When a customer brings us a computer, it almost always has some form of malware. Nearly every time, the customer will ask this question: "How did my computer become infected?"

All of the tools that we use to repair a virus-infected computer scan through the computer's hard drive finding nasty stuff, then deleting it. It seems like someone would have, by now, come up with the tool that first checks file dates and times on this nasty stuff before it deletes it and correlates this list of filenames and dates against browser history.

This would do a couple of things for us:

One, we would be able to answer our customer's question, "How did my computer become infected?" You can say, look here, on August 4 you were on such and such web page, and that's not a very good place to be.

Two, it would allow us to add the URL of this site to the hosts file to prevent reinfection by the same thing on the same site. Then you can say, hey, I took care of it for you. This computer will no longer be able to even visit this site in the future.

It would seem like this would not be too tall an order to try to fill. Could Ultra Adware Killer do something like this and maybe include the results in the log file?

I do understand that many times the thing got infected from something other than a nasty script on a website, aka an infected program was installed or the user just clicked next like crazy on a PUP-loaded shareware install. There are also many PUPs and fakeware claiming to be something that they're not really. Driver updater crapware and bogus Flash Player come to mind in this regard. But we should still be able to get a history correlation to when the crap was downloaded and installed.

As always I appreciate all the work you do Fred. I totally understand if I'm asking something crazy and the answer is no.
Charger440
Posts: 1529
Joined: Sun May 25, 2014 7:44 am
Location: Missouri

Re: Can we answer the question "How did my computer become infected?"

Post by Charger440 »

I had been thinking about this myself, sort of. I was thinking that it would be nice to have a log of the files and settings that UVK removed and not just the "Removed 10 items" in the log files. So, I guess I kind of agree with you.

However, I find that when I have to answer that question, although I can't be specific, I say:
Don't use IE or Edge
Make sure you have an AV and AntiSpyware
Always use an ad blocker
Never click on ads especially when they are "From Microsoft"
I really don't recommend playing "free" games
There is a reason that Ads and emails try to get your attention
Don't click on email links unless you know where they are going.

I'm pretty sure there was a software named something like "How did I get infected" but I can't seem to find it. When I tried searching for it most of the Google results were about Gonorrhea and Gay men. Not really what we are trying to address here.....
Jim

It is not "Can it be done?" but rather, "How can we do it?"
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France

Re: Can we answer the question "How did my computer become infected?"

Post by Fred »

Hey guys.

Brink, this is a nice feature request. I will add a new column to UAK's lists showing file creation and modification. It will also add that information to the scan logs.

Matching it with browsing history is a different story. First of all, we don't know which browser was used, so we'd have to check them all. And since each browser uses a different way of saving history, I'd have to write different code for each one. Also, matching a date/time with thousands of URLs visited by several browsers can be time consuming and drastically increase the scan time when malware is found.

Also, as you said, the infection may not originate in internet browsing. It may come from a removable drive, network location, email attachment, etc. There are so many things to check out that it scares me to try something similar for now.

Jim, UVK used to log all the files and registry entries deleted, and if I recall correctly, it was you who asked to make it simpler. I actually thank you for that, because the logs used to be so cluttered that no one paid attention to them. Detailed information about UAK scanned and deleted files can be found in UAK's logs.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
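
An added example, not part of the thread and not UVK or UAK code: a sketch of the correlation discussed above, normalizing Chromium-style history timestamps (microseconds since 1601-01-01 UTC) and Firefox-style ones (microseconds since 1970-01-01 UTC) into one timeline that is sorted once and binary-searched per detected file. The rows, file names, URLs and the 10-minute window are constructed assumptions; a match is a lead to investigate, not proof of the infection source.

```python
import bisect
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=UTC)  # Chromium-family history epoch
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=UTC)    # Firefox history epoch

def build_timeline(chromium_rows, firefox_rows):
    """Normalize (raw_microseconds, url) rows from both browsers to UTC; sort once."""
    visits = [(WEBKIT_EPOCH + timedelta(microseconds=t), "chromium", u)
              for t, u in chromium_rows]
    visits += [(UNIX_EPOCH + timedelta(microseconds=t), "firefox", u)
               for t, u in firefox_rows]
    visits.sort()
    return visits

def correlate(timeline, files, window=timedelta(minutes=10)):
    """Map each (name, created_utc) file to the visits in the window before creation."""
    times = [v[0] for v in timeline]  # built once, then binary-searched per file
    result = {}
    for name, created in files:
        lo = bisect.bisect_left(times, created - window)
        hi = bisect.bisect_right(times, created)
        result[name] = timeline[lo:hi]
    return result

# Constructed sample data (hypothetical, not taken from a real machine).
CHROMIUM_ROWS = [
    (13114775700000000, "https://news.example/"),                        # 09:15:00
    (13114792930000000, "http://free-driver-updater.example/download"),  # 14:02:10
]
FIREFOX_ROWS = [
    (1470319540000000, "http://flash-update.example/install"),           # 14:05:40
    (1470328200000000, "https://mail.example/"),                         # 16:30:00
]
DETECTED = [
    ("driver_updater_setup.exe", datetime(2016, 8, 4, 14, 6, 5, tzinfo=UTC)),
    ("old_toolbar.dll", datetime(2016, 8, 2, 8, 0, 0, tzinfo=UTC)),
]

if __name__ == "__main__":
    hits = correlate(build_timeline(CHROMIUM_ROWS, FIREFOX_ROWS), DETECTED)
    for name, visits in hits.items():
        print(name, "(no visits in window)" if not visits else "")
        for when, browser, url in visits:
            print(f"  {when:%Y-%m-%d %H:%M:%S} UTC  {browser:8}  {url}")
```

File creation times must be converted to UTC before comparison, and an empty result for a file fits the point made above that the source may be a removable drive, network location or email attachment rather than browsing.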
Charger440
Posts: 1529
Joined: Sun May 25, 2014 7:44 am
Location: Missouri

Re: Can we answer the question "How did my computer become infected?"

Post by Charger440 »

Fred,

It would appear you were right, and after finding and reading the request I made back when, I stand by that. However, my recent idea was based on the fact that UVK deleted a couple of links from the desktop through the script I made. To my knowledge there is no record of the things it deleted, which would be nice to have, just not in the Actions log of UVK.

viewtopic.php?f=9&t=996
Jim

It is not "Can it be done?" but rather, "How can we do it?"