Solved I want to know when exactly did my PC get infected by virus

August 11, 2012 at 07:10:23
Specs: Windows Vista
Good day, dear Forumeers!
I have a question for you and would be very happy if you could help me.

Some days ago my computer was infected by a virus (Trojan.Agent.BVXGen).

I want to know when exactly I got this virus.

Here is a log from Malwarebytes Anti-Malware on the day of infection.

2012/08/08 12:14:25 +0100 DETECTION C:\Users\Name\AppData\Local\Temp\derm32.exe Trojan.Agent.BVXGen QUARANTINE

2012/08/08 13:55:15 +0100 DETECTION C:\Users\Name\AppData\Local\{aefc5b23-1b2a-033c-53ce-3c477fc66145}\n Trojan.Agent.BVXGen QUARANTINE

2012/08/08 13:55:15 +0100 DETECTION C:\Users\Name\AppData\Local\{aefc5b23-1b2a-033c-53ce-3c477fc66145}\n Trojan.Agent.BVXGen DENY

and so on... and so on,... the last text continues through the day at various time points.

My question is the following:
I received a .PNG file (image) at my MSN, and the creation of this file on my computer is 13:55:28..... Which makes me suspicious whether it is the source of the virus? Since the difference between this time and the time of virus notification is only a few seconds.....

On the other hand, the first time this virus is visible in my program is much earlier (12:14:25), before I received the file..... The only thing that is strange is that the first time the location is (C:\Users\Name\AppData\Local\Temp\derm32.exe)... but the other times the location is (C:\Users\Name\AppData\Local\{aefc5b23-1b2a-033c-53ce-3c477fc66145}\n)..... And the first time of this new location is very close to the time I received a PNG-file....

So my question is... Could the source of the virus be the PNG-file? Since the file creation time (acceptance) is very close to the time of the second virus notification........ Or was I infected much earlier, and the time of the second virus-notification is only a coincidence? In this case, why is the location of virus different this time?

Thank you very much for your answers.



#1
August 11, 2012 at 08:36:56
Some virus detection alerts are/can be "false positives" (it's usually the free antivirus software which has the worst record for giving false alerts, but some 'paid for' antivirus also give false alerts in varying degrees).

When I'm not sure (I use Norton Internet Security so that's not very often) I upload the suspect file to Virustotal for an instant second opinion: https://www.virustotal.com/



#2
August 11, 2012 at 08:44:28
Thank you.
I've scanned the file without any virus alerts in it. But on the other hand, I did this scan after I've deleted the virus from my computer... So this .PNG file can be clean now.

Do you think it's likely that I've been infected by a .PNG-file?

I also wonder why the first time I got alert, the virus was in "AppData\Local\Temp\derm32.exe".
The second alert, the virus was in "AppData\Local\{aefc5b23-1b2a-033c-53ce-3c477fc66145}\n".

The first alert was an hour prior to when I received the .PNG-file....
But the second alert was almost in the same minute I received the .PNG-file...(and virus alert was also in different location, than first alert)...

Is it only a coincidence? Or did I perhaps get infected 2 times by 2 different sources.

How likely do you think that I was infected by the PNG-picture?
Or did I get infected prior to that, and then the virus just moved to other locations, and the time of second alert and receipt of PNG is only coincidence?



#3
August 11, 2012 at 09:15:44
✔ Best Answer
A virus can act in more than one directory. In both alerts in your last post the virus name is the same, so I would say that the virus was most likely present prior to downloading the .png file. Since Virustotal didn't detect anything in the file, that is another sign that the file is clean. Your PC antivirus would have deleted it if it wasn't.

Google is your friend

www.google.com

-----------------------

Have a GREAT day!



#4
August 11, 2012 at 09:26:02
My suspicion is that if this file had anything to do with it, it came from something linked to it, maybe a hidden file. However, under normal situations that extension is unlikely to contain a virus, though it could have been masquerading as something else.

:: mike



#5
August 11, 2012 at 17:42:19
Thanks a lot for your responses.

So most likely the virus was there before the receipt of the PNG-file.

The timepoint of the second alert (corresponding to the PNG) is also a coincidence?
And new location is because it's changed directory.

So if the PNG was affected, the antivirus would delete the whole png? not only the virus-part?

---

Sorry for these questions... Just worried that my business-counterpart was the one who sent me this agent-virus through image..... But seems that virus was there before? And it's only a coincidence that it makes alert at the time of receipt?



#6
August 12, 2012 at 03:54:16
So if the PNG was affected, the antivirus would delete the whole png? not only the virus-part?

Yes. At least it would indicate that the file is infected in the log, which it didn't.

So most likely the virus was there before the receipt of the PNG-file.

Most certainly.

The timepoint of the second alert (corresponding to the PNG) is also a coincidence?

The second alert was actually before receiving the file, so yes, it is most certainly a coincidence. You can redownload and rescan the file both with the antivirus and on the internet to verify.

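The timeline comparison made in the replies above, as an added example that is not part of the original thread: it parses the three Malwarebytes log lines from the first post and measures how long before the PNG's creation time each path was first detected. It assumes the 13:55:28 creation time is on the same date and in the same +0100 offset as the log; the function names are illustrative.

```python
import re
from datetime import datetime

# Log lines copied from the first post of this thread.
LOG = r"""
2012/08/08 12:14:25 +0100 DETECTION C:\Users\Name\AppData\Local\Temp\derm32.exe Trojan.Agent.BVXGen QUARANTINE
2012/08/08 13:55:15 +0100 DETECTION C:\Users\Name\AppData\Local\{aefc5b23-1b2a-033c-53ce-3c477fc66145}\n Trojan.Agent.BVXGen QUARANTINE
2012/08/08 13:55:15 +0100 DETECTION C:\Users\Name\AppData\Local\{aefc5b23-1b2a-033c-53ce-3c477fc66145}\n Trojan.Agent.BVXGen DENY
"""
FMT = "%Y/%m/%d %H:%M:%S %z"
# Assumption: the PNG creation time is on the same date and offset as the log.
PNG_CREATED = datetime.strptime("2012/08/08 13:55:28 +0100", FMT)

# Threat name and action are the last two tokens; the path may contain spaces.
LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+DETECTION\s+"
    r"(?P<path>.+)\s+(?P<threat>\S+)\s+(?P<action>\S+)$"
)

def parse(log):
    """Return (timestamp, path, threat, action) tuples in time order."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:  # skip blank or non-detection lines
            ts = datetime.strptime(m["ts"], FMT)
            events.append((ts, m["path"], m["threat"], m["action"]))
    return sorted(events, key=lambda e: e[0])

def first_seen(events):
    """Earliest detection time for each (threat, path) pair."""
    first = {}
    for ts, path, threat, _action in events:
        first.setdefault((threat, path), ts)
    return first

def lead_over_file(events, file_created):
    """Seconds between first detection and file creation, per path.
    A positive value means the detection happened before the file existed."""
    return {path: (file_created - ts).total_seconds()
            for (_threat, path), ts in first_seen(events).items()}

if __name__ == "__main__":
    for path, secs in lead_over_file(parse(LOG), PNG_CREATED).items():
        print(f"{secs:7.0f} s before the PNG was created: {path}")
```
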

#7
August 12, 2012 at 12:49:42
Thank you very much :) !


#8
August 12, 2012 at 23:52:06
You are quite welcome :-).
