Is it possible to find the origin of a virus?
What you are asking looks very much like what forensic researchers do in criminal cases. You could make a copy of the disk and then with painstaking manual analysis and forensic tools try to find clues. You could maybe determine the time of infection, and if enough logs are left try to list the sources accessed around that time.
But success is definitely not guaranteed, for a number of reasons:
- you did not have systematic logging active on an 'ordinarily configured' computer
- the infection sources may have changed/gone; you do have some extra information here in cases where 'familiar' viruses have been distributed through a limited number of sites (not likely).
- especially in your case, it sounds like an ordinary hard disk that has been used since the infection, thereby overwriting important information from around the time of infection.
So, for all practical purposes, the answer is 'very unlikely'.
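The time-correlation step described above (estimate the time of infection, then list what was accessed around it) can be sketched as follows. This is an added example, not part of the original answer: it assumes a Chromium-style History SQLite file examined on a forensic copy, uses only the `urls.id`, `urls.url`, `visits.url` and `visits.visit_time` columns, and runs on constructed sample data with an assumed infection time.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Chromium stores visit_time as microseconds since 1601-01-01 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_webkit(dt):
    """UTC datetime -> Chromium/WebKit timestamp (integer microseconds)."""
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)

def from_webkit(us):
    """Chromium/WebKit timestamp -> timezone-aware UTC datetime."""
    return WEBKIT_EPOCH + timedelta(microseconds=us)

def visits_near(conn, infection_time, window=timedelta(minutes=30)):
    """Return [(utc_time, url)] for visits within +/- window of infection_time."""
    lo = to_webkit(infection_time - window)
    hi = to_webkit(infection_time + window)
    rows = conn.execute(
        "SELECT v.visit_time, u.url FROM visits v JOIN urls u ON u.id = v.url "
        "WHERE v.visit_time BETWEEN ? AND ? ORDER BY v.visit_time", (lo, hi))
    return [(from_webkit(t), url) for t, url in rows]

def build_sample_history():
    """Constructed sample data in a column subset of Chromium's History schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE urls(id INTEGER PRIMARY KEY, url TEXT);"
        "CREATE TABLE visits(id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);")
    sample = [  # constructed entries on reserved .example domains
        (datetime(2013, 5, 2, 9, 15, tzinfo=timezone.utc), "https://news.example/"),
        (datetime(2013, 5, 2, 14, 2, tzinfo=timezone.utc), "http://downloads.example/tool-setup.exe"),
        (datetime(2013, 5, 2, 14, 10, tzinfo=timezone.utc), "https://mail.example/inbox"),
        (datetime(2013, 5, 3, 8, 0, tzinfo=timezone.utc), "https://search.example/"),
    ]
    for i, (when, url) in enumerate(sample, start=1):
        conn.execute("INSERT INTO urls VALUES (?, ?)", (i, url))
        conn.execute("INSERT INTO visits VALUES (?, ?, ?)", (i, i, to_webkit(when)))
    return conn

if __name__ == "__main__":
    # Assumed infection time, e.g. the creation timestamp of the detected file.
    infected_at = datetime(2013, 5, 2, 14, 5, tzinfo=timezone.utc)
    for when, url in visits_near(build_sample_history(), infected_at):
        print(when.isoformat(), url)
```

The result is a list of candidates only; a visit close in time to the infection does not establish that the site was the source.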
Admin
Updated on September 18, 2022
-
Admin over 1 year
Is there any method with which you can determine the origin for a given piece of malware in Windows?
One of my PCs was recently infected with the PWS:Win32/Zbot.gen!AP password stealing trojan. Is there any way to tell what source this virus was downloaded from?
-
Oliver Salzburg over 10 years
Short answer: No.
-
Doktoro Reichard over 10 years
Long answer: If you had knowledge of every action you made with your PC, then yes, you could track it.
-
Admin over 10 years
One thought I had was comparing the time of infection (or at least the day) with internet history. Keeping an eye out for any suspicious sites, that at least might give me an (albeit not definitive) idea of where it came from.
-
David Foerster over 10 years
I would consider the (L)user a means not the origin.
-
phuclv almost 7 years
@DoktoroReichard In some cases the virus sweeps in without any action from you, like WannaCry, which takes advantage of the SMB bug.
-