Ask your beginner questions here.
So my old HDD had an Alureon rootkit in the last sectors of the drive, and I was wondering how I can determine when it was created. Would there be a time stamp associated with it? Would looking at it with a hex editor yield any results?
- Global Moderator
Old, unused HDD -> no way. You can determine when it was compiled, however, if you manage to extract TDL components from the drive. Also, old TDL versions may store the install date in the config file.
Ring0 - the source of inspiration
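
For readers following the reply above, here is one way to read a compile time from extracted components. This is an added example, not part of either post: it assumes the components are PE images already extracted into a buffer, and it reads the linker-written `TimeDateStamp` field of each image's COFF header. That field can be zeroed or forged, so treat it as a hint, not proof. The function and sample names are hypothetical and the sample bytes are constructed.

```python
import struct
from datetime import datetime, timezone

def carve_pe_timestamps(blob: bytes):
    """Find PE images in an extracted buffer.

    Returns a list of (offset, link time in UTC, plausible) tuples.
    """
    hits = []
    now = datetime.now(timezone.utc)
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            # e_lfanew (DOS header offset 0x3C) points at the "PE\0\0" signature.
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            hdr = pos + e_lfanew
            # The 0x1000 bound is a heuristic to reject stray "MZ" byte pairs.
            if (e_lfanew < 0x1000 and hdr + 24 <= len(blob)
                    and blob[hdr:hdr + 4] == b"PE\0\0"):
                # IMAGE_FILE_HEADER after the signature:
                # Machine(2) NumberOfSections(2) TimeDateStamp(4)
                (stamp,) = struct.unpack_from("<I", blob, hdr + 8)
                when = datetime.fromtimestamp(stamp, tz=timezone.utc)
                # A zero or future value means the field was stripped or forged.
                hits.append((pos, when, stamp != 0 and when <= now))
        pos = blob.find(b"MZ", pos + 1)
    return hits

def _constructed_pe(stamp: int) -> bytes:
    """Build a minimal DOS header plus COFF header (constructed sample data)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 1, stamp, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + coff

# Constructed buffer: padding, one image stamped 2010-01-01 00:00:00 UTC,
# a stray "MZ" that is not a PE, and one image with a zeroed timestamp.
SAMPLE = (b"\x00" * 512 + _constructed_pe(1262304000)
          + b"MZ junk" + b"\xff" * 100 + _constructed_pe(0))

if __name__ == "__main__":
    for offset, when, plausible in carve_pe_timestamps(SAMPLE):
        note = "" if plausible else "  (implausible: stripped or forged?)"
        print(f"0x{offset:06x}  {when.isoformat()}{note}")
```
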