Can Shadow Products Protect System Time?

Discussion in 'other anti-malware software' started by Perman, Apr 10, 2008.

Thread Status:
Not open for further replies.
  1. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks:

    This question has entered my mind for quite some time now.

    I am not a computer tech; I would like to hear more from the gurus.

    A while ago, reports indicated that some viruses/worms are able to revert system time to a distant past date (say, year 1990, or even 1999), thus rendering AVs/ASs and the like useless.

    In theory, under Shadow mode/freeze state, all drives or system drives are protected; could system time be altered as a result of such an attack?

    I read some saying that the system time file is stored in the BIOS, not on the hard disk; is this true?

    Looking forward to your replies. Thanks.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    That's true. All the shadow products I've tried so far don't protect against system time changes.

    It'd be horribly annoying if they did, though, since then your system clock would be reset to an incorrect time every time you exit shadow mode. If you're worried about malware that fiddles with your clock, you can edit your group policies and remove privileges for this, or simpler, use a limited account.
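
An added example, not part of the thread: one way to verify the group-policy suggestion above is to check who holds `SeSystemtimePrivilege` (the "Change the system time" user right) in the output of `secedit /export /cfg rights.inf /areas USER_RIGHTS`. The sample export, the `kiosk` account and the expected-holder list (Administrators and LOCAL SERVICE) are constructed assumptions.

```python
import sys

# Assumption: principals that are expected to hold the right on a workstation.
EXPECTED = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-32-544": "Administrators"}

# Constructed sample of a secedit USER_RIGHTS export, not from a real machine.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544,*S-1-5-32-545,kiosk
[Version]
signature="$CHICAGO$"
"""

def holders(export_text, right="SeSystemtimePrivilege"):
    """Return the principals granted `right`; SIDs lose their leading '*'."""
    section = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == right.lower():
            return [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
    return []  # right not listed in the export: no holder recorded

def unexpected_holders(export_text):
    """Principals that can set the clock but are not on the EXPECTED list."""
    return [p for p in holders(export_text) if p not in EXPECTED]

def load_export(path):
    # secedit writes UTF-16 with a BOM; fall back to UTF-8 for converted copies.
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")

if __name__ == "__main__":
    text = load_export(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EXPORT
    extra = unexpected_holders(text)
    print("holders:", holders(text), "unexpected:", extra or "none")
    sys.exit(1 if extra else 0)
```

Run with the path to an export file as the only argument; with no argument it evaluates the constructed sample, where the Users group (`S-1-5-32-545`) and `kiosk` are reported as unexpected.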
     
  3. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    There are some HIPS that hook ZwxxxTime which can help you.
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    Such as?
     
  5. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
  6. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I downloaded that and extracted it. Then I started 360TimeProt.exe. There are 2 options, and if I understand correctly the left-side button is activate and the right-side one is deactivate. Now I only need to know what those options are?

    :D
     
  7. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    There are 4 buttons in the main GUI like this:

    1) Install the Time Protect - 2) Uninstall the Time Protect
    3) Enable the Time Protect - 4) Disable the Time Protect

    Hope this is helpful.
     
  8. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Thank you.
     
  9. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    ClamAV 0.92.1 2008.04.12 W32.Zloyfly
    DrWeb 4.44.0.09170 2008.04.12 Trojan.DownLoader.49824
    Ikarus T3.1.1.26 2008.04.12 Trojan-Dropper.Win32.Flystud.B
    Prevx1 V2 2008.04.12 Generic.Malware
    VBA32 3.12.6.4 2008.04.06 Trojan.BAT.KillAV.df
    Webwasher-Gateway 6.6.2 2008.04.11 Win32.Malware.gen (suspicious)

    You sure this is safe?
     