Is it possible to find the origin of a virus?

8,738

What you are asking looks very much like what forensic researchers do in criminal cases. You could make a copy of the disk and then with painstaking manual analysis and forensic tools try to find clues. You could maybe determine the time of infection, and if enough logs are left try to list the sources accessed around that time.

But success is definitely not guaranteed, for a number of reasons:

  • you did not have systematic logging active on an 'ordinarily configured' computer

  • the infection sources may have changed/gone; you do have some extra information here in cases where 'familiar' viruses have been distributed through a limited number of sites (not likely).

  • especially in your case, it sounds like an ordinary hard disk that has been used since the infection, thereby overwriting important information from around the time of infection.

So, for all practical purposes, the answer is 'very unlikely'.

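As an added illustration of the timeline work the answer describes (not code from the original post), this Python script parses a constructed set of log lines, anchors on the antivirus detection time, lists what was accessed just before it, and reports whether the surviving logs even reach back to the start of that window. The log format, the hostnames and paths, and the event source names are all constructed assumptions for the example.

```python
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): "<ISO-8601 UTC> <source> <detail>".
# They mix browser history, download records, process starts and the AV
# detection, as an examiner would assemble them from several artifacts.
SAMPLE_LOG = """\
2022-09-16T09:15:02Z browser_history https://news.example/
2022-09-16T13:40:11Z browser_history https://free-tools.example/win-optimizer
2022-09-16T13:40:48Z download C:\\Users\\user\\Downloads\\win-optimizer.exe
2022-09-16T13:41:05Z process_start C:\\Users\\user\\Downloads\\win-optimizer.exe
2022-09-16T13:41:09Z av_detect PWS:Win32/Zbot.gen!AP C:\\Users\\user\\Downloads\\win-optimizer.exe
2022-09-17T08:02:30Z browser_history https://mail.example/inbox
"""


def parse_events(text):
    """Parse one event per line into (timestamp, source, detail), oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, detail = line.split(" ", 2)
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), source, detail))
    return sorted(events)


def detection_time(events, signature):
    """Timestamp of the first AV detection carrying the given signature, or None."""
    for ts, source, detail in events:
        if source == "av_detect" and detail.startswith(signature):
            return ts
    return None


def candidate_sources(events, anchor, window_hours=2):
    """Events shortly before the anchor, nearest first. These are leads, not proof:
    the log may be incomplete, and a site seen before the detection is not thereby the source."""
    start = anchor - timedelta(hours=window_hours)
    hits = [e for e in events if start <= e[0] < anchor and e[1] != "av_detect"]
    return sorted(hits, key=lambda e: anchor - e[0])


def logs_cover_window(events, anchor, window_hours=2):
    """False when the earliest surviving event is newer than the window start,
    i.e. the logs cannot say what happened early enough to matter."""
    return bool(events) and events[0][0] <= anchor - timedelta(hours=window_hours)
```

If `logs_cover_window` returns False, anything `candidate_sources` lists is drawn from a partial record and should be reported as such.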


Author: Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin over 1 year

    Is there any method with which you can determine the origin for a given piece of malware in Windows?

    One of my PCs was recently infected with the PWS:Win32/Zbot.gen!AP password stealing trojan. Is there any way to tell from what source this virus was downloaded?

    • Oliver Salzburg
      Oliver Salzburg over 10 years
      Short answer: No.
    • Doktoro Reichard
      Doktoro Reichard over 10 years
      Long answer: If you had knowledge of every action you made with your PC, then yes, you could track it.
    • Admin
      Admin over 10 years
      One thought I had was comparing the time of infection (or at least the day) with internet history. Keeping an eye out for any suspicious sites might at least give me an (albeit not definitive) idea of where it came from.
    • David Foerster
      David Foerster over 10 years
      I would consider the (L)user a means, not the origin.
    • phuclv
      phuclv almost 7 years
      @DoktoroReichard in some cases the virus sweeps in without any action from you, like WannaCry, which takes advantage of the SMB bug