When we kill viruses with antivirus software, usually we would detect many “viruses”, and many people would rather to kill all than to let go one innocent, they would like to delete all detected “viruses”. Actually it’s not advisable to delete all, some are system files infected, which could not be deleted. Here I introduce few ways to recognize virus files, hope could help somehow.
1. File time
If you feel something wrong with the computer, after checking with antivirus software, there’s no any response or you still feel something wrong after cleaning a part of viruses, then you can check the suspected objects according file time.
File time could be creating time, modification time (and access time, here not discuss), we can see from file property, right click on file and choose Properties, then in “General” page, you can see these times.
Generally, the creating time and modification time of viruses and Trojans are kind of latest, if you find something early, basically it would be these days or current day. C:\windows and c:\windows \system32, sometimes also C:\windows\system32\drivers; if it’s Win 2000 system, then change the Windows upper there to Winnt, these are the places where viruses and Trojans like to stay, sort by time (View—detail information, then click the “Change time” button on title bar), check the files of these recent days, especially pay attention to .exe and .dll files, sometimes, there are .dat, .ini, .cfg files.