I read that there are some malware that can change system time. I will like to see a VirusTotal or Jotti,s scanning result of such a virus. Anyone please?

Thanks

Hello aigle,

This topic came up recently with some friends. So far, we've found that

1) running as Limited User (Standard User in Vista), the user cannot change the system time. Vista also has an "Administrator Approval Mode":

http://technet.microsoft.com/en-us/windowsvista/aa940967.aspx

2) Deep Freeze restricts access to changing the system time. Here using Win2K in Administrative mode:


194106
________________________________________________________________

194107

It would be interesting to try this malware you refer to, to see if it can bypass the above situations.

We did agree, though, that if a user's system was compromised with such malware, she probably had more serious problems than just this!

-rich

Hi Rmus! Agree with u.

On XP when I run command C:\>time, I don,t get system time. I am not at all familiar with command line. How I can run these commands?

I am trying to get such a virus too, for testing.

Thanks

Hello aigle,

I just tried the Time command from a command prompt on my Laptop with WinXP SP1 running as Administrator, and I am able to access/change the System Time.

Are you running as a Limited User?

-rich

Running as Admin, I run cmd.exe from start, all programs, accessories
then CD\
C:\>time

This is what I get. I must be wrong somewhere. I don,t know even the ABC of command line.

Hello, aigle,

At the Prompt: C:/>

type: time

You typed: C:/>time

Hence, the error message

-rich

Thanks. I knew that I am making some dumb mistake. Tried it.
EQS intercepted successfully.
GW seems to be failed but I need to confirm it. I will send them mail about it.
194134
194135

Hello aigle,

The only thing that I know that can change time is the subseven trojan. For more information please see the following links.

http://www.f-secure.com/v-descs/subseven.shtml
http://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99

Hope this helps.


Peace & Love,

CogitoErgoSum

Thanks.
I will see how I can find it..

{QUOTE-> I read that there are some malware that can change system time. I will like to see a VirusTotal or Jotti,s scanning result of such a virus. Anyone please?

Thanks <-QUOTE}

I have run into a least a dozen websites that downloaded malware and changed the system time which disabled Kaspersky >:( I dont know the names thought because they weren't detected.

Can u PM me the links. Thanks

{QUOTE->
On XP when I run command C:\>time, I don,t get system time. <-QUOTE}

Changing time is useless.What you "need" to use is the DATE command.

I meant this, time/ date/ year anything.
Tried again and same results, EQS passed. GW failed.

Luckily I found few samples of such viruses.

I tried them against EQS and GW. EQS sucessfully intercepted it. GW failed.