Can we answer the question "How did my computer become infected?"
Posted: Sun Sep 03, 2017 3:47 am
When a customer brings us a computer, it almost always has some form of malware. Nearly every time, the customer will ask this question: "How did my computer become infected?"
All of the tools that we use to repair a virus-infected computer scan through the computer's hard drive, finding nasty stuff and then deleting it. It seems like someone would have, by now, come up with a tool that first checks file dates and times on this nasty stuff before it deletes it and correlates this list of filenames and dates against browser history.
This would do a couple of things for us:
One, we would be able to answer our customer's question, "How did my computer become infected?" You can say, look here, on August 4 you were on such and such web page, and that's not a very good place to be.
Two, it would allow us to add the URL of this site to the hosts file to prevent reinfection by the same thing on the same site. Then you can say, hey, I took care of it for you. This computer will no longer be able to even visit this site in the future.
It would seem like this would not be too tall an order to try to fill. Could Ultra Adware Killer do something like this and maybe include the results in the log file?
I do understand that many times the thing got infected from something other than a nasty script on a website, aka an infected program was installed or the user just clicked next like crazy on a PUP-loaded shareware install. There are also many PUPs and fakeware claiming to be something that they're not really. Driver updater crapware and bogus Flash Player come to mind in this regard. But we should still be able to get a history correlation to when the crap was downloaded and installed.
As always, I appreciate all the work you do, Fred. I totally understand if I'm asking something crazy and the answer is no.
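The correlation asked about in this post, sketched as an added example (not part of the original post and not Ultra Adware Killer's code): for each file a scanner flagged, list the browser visits in the minutes before the file was created. It assumes a Chrome-style history database (`urls` and `visits` tables, `visit_time` in microseconds since 1601-01-01 UTC); the function names, paths, URLs and timestamps are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_webkit(dt):
    """UTC datetime -> microseconds since 1601-01-01 (Chrome's visit_time unit)."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)

def from_webkit(us):
    return WEBKIT_EPOCH + timedelta(microseconds=us)

def visits_before(db, created, window_minutes=10):
    """Return (visit_time, url) pairs in the window leading up to a file's creation."""
    rows = db.execute(
        "SELECT v.visit_time, u.url FROM visits v JOIN urls u ON u.id = v.url "
        "WHERE v.visit_time BETWEEN ? AND ? ORDER BY v.visit_time DESC",
        (to_webkit(created - timedelta(minutes=window_minutes)), to_webkit(created)))
    return [(from_webkit(t), url) for t, url in rows]

def correlate(db, flagged, window_minutes=10):
    """Map each flagged file path to the browser visits that preceded its creation."""
    return {path: visits_before(db, created, window_minutes)
            for path, created in flagged}

def sample_history():
    """Constructed data: in-memory stand-in for a copy of the browser's history file."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE urls(id INTEGER PRIMARY KEY, url TEXT);"
        "CREATE TABLE visits(id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);")
    t = lambda h, m: datetime(2017, 8, 4, h, m, tzinfo=timezone.utc)
    pages = [(1, "https://news.example/", t(9, 15)),
             (2, "https://free-driver-updates.example/get", t(14, 2)),
             (3, "https://mail.example/inbox", t(16, 40))]
    for i, url, when in pages:
        db.execute("INSERT INTO urls VALUES (?, ?)", (i, url))
        db.execute("INSERT INTO visits(url, visit_time) VALUES (?, ?)", (i, to_webkit(when)))
    return db

# Constructed scanner findings: (path, file creation time in UTC).
FLAGGED = [
    (r"C:\Users\demo\Downloads\driver_updater_setup.exe", datetime(2017, 8, 4, 14, 5, tzinfo=timezone.utc)),
    (r"C:\ProgramData\demo\toolbar.dll", datetime(2017, 8, 4, 20, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for path, hits in correlate(sample_history(), FLAGGED).items():
        print(path, [(str(t), u) for t, u in hits] or "no browser visit in window")
```

Run it against a copy of the history database taken before cleanup, since the browser keeps the live file locked while it is running. A file with no visit in the window, like the second constructed entry, points to a non-browser source such as a bundled installer.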