Author Topic: Should the PC be re-set to year 2099 by Malware could Avast still work pls?  (Read 3294 times)

Offline Saulius

I have had it happen a few times that the PC clock has been re-set for whatever reason (possibly with a BSOD issue but most likely caused by Malware infection) to the year 2099! :o

Usually it gets set to the 1/1/2099 with or without a different or wrong day of the Week, and while it isn't too much of a bother returning the date & time back in Windows 7 this is quite annoying to have to do but...

The bigger concern, especially if it is a form of hack vulnerability for a sleeping backdoor trojan or malware exploit that is activated when the system clock is adjusted to that ridiculously future arbitrary date a few things stop working properly especially security software with end date licenses, so they just automatically stop functioning.

Avast! is one such program that unfortunately stops functioning completely and fails like others to be allowed to update or re-start in 2099, IME. I've had this happen a few times in the past and figure that a full system reformat swipe and re-install ultimately is the most secure way to completely clean the PC in such cases where even after returning to current date & time scans can't find the fault or cause. (Which I had to do recently.)

While it may not be absolutely necessary to go through this extreme procedure, I find it loathsome that while the PC was unfathomably re-set to the year 2099 my Avast! resident AV had turned itself off no matter what the reason was for the PC year date change.

Because it is more than likely to have been a suspicious action and most likely to have allowed for further unchecked activities with Avast! and other security turned off, I think it would be good to have Avast! still fully function if the year is 'discovered' to be 2099. ;)

Sure this won't prevent similar issues with inexplicable random year changes, but for some reason this year 2099 thing is pretty regular and might be a MS Windows default thing anyway, so it would help in these most frequent circumstances of this type of occurrence if Avast! could be somehow set to still fully function if the year 2099 is encountered.
« Last Edit: February 18, 2012, 01:05:20 PM by Saulius »

Offline kls490

Hi Saulius,

     You certainly have a problem I've never encountered!  Perhaps someone more knowledgeable than I can explain what is happening here.
« Last Edit: February 18, 2012, 01:17:59 PM by spc3rd »
kls490

Dell Optiplex 755 Desktop | Win 7 Pro SP1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate (SATA) HDD | Avast! AV (free) | MBAM Premium 2.0 | SAS (on-demand) | Outpost Firewall Pro | Spywareblaster | IE11 & FF w/ NoScript | Disconnect | Adblock Plus

Offline essexboy

Normally I would suspect the CMOS battery - but that usually reverts to the installation date and time...  So 'tis a bit weird

Offline Saulius

@spc3rd

Yes, nothing found even after the likes of SAS and MBAM have been updated and I've even tried more extreme methods with ComboFix etc.

This has happened more than once and I have gone through the process of deleting my system including storage drives for good measure and re-formatting and cleaning re-installing W7.

I take it as a sign of a massive system compromise which I heavily suspect it actually is of itself with the re-setting to 2099 and outside of licence end date by too far...

I don't know too much about this really, but because it manages to turn off most security features and programs I assume it's bad even if it is caused by a conflict or through MS ineptitude, although I think it usually occurs with BSOD and a series of failed boot ups with my Asus Mobo which might require the BIOS to be explored.  ???

@essexboy

I sometimes have to hit the CMOS re-set button or choose to restore default BIOS settings before actually getting to even boot up into the Asus Mobo BIOS setting and neither of these actions result in a re-setting to the year 2099. In fact IIRC it is only the OS date that is 2099, not the CMOS battery which will still be at current!
« Last Edit: February 18, 2012, 01:41:14 PM by Saulius »

Offline essexboy

That combination sounds like a MOBO problem to me

Offline !Donovan

This is a very interesting theory that should be taken into account.

A very dangerous exploit if used properly. >:(
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
Useful Links: Sucuri SiteCheck | WAR | urlQuery | URLVoid | Wepawet

Offline Saulius

Sorry Essexboy, I should have also indicated that I remember a few of the BSODs being preceded by a few likely infections, such as odd online behaviour hold ups, 4/504s & redirects,  possible bot worm events etc, you know the kinds of things that you just know involved your PC getting infected with something despite all your security, precautions and conscientious browsing.  :-[

@!Donovan Um, "A very dangerous exploit if used properly" by whom? (And those parties are the questionable ppls.)
« Last Edit: February 18, 2012, 01:57:46 PM by Saulius »

Offline !Donovan

Quote
@!Donovan Um, "A very dangerous exploit if used properly" by whom? (And those parties are the questionable ppls.)

The malware makers :P

Offline Saulius

Quote
The malware makers :P

Exactly, so if I know not what but am sure 'tis some weird horror then the only guaranteed removal for clean system integrity is a complete re-formatted install since who knows just what the whatever kind of undetectable recalcitrant probable infection is doing with my system, possibly not even their makers!  :'(
« Last Edit: February 18, 2012, 03:22:46 PM by Saulius »

Offline essexboy

There is only one at the moment that will survive a re-install

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply



Offline Saulius

« Reply #10 on: February 19, 2012, 02:07:09 AM »
I'm not saying that I still have the infection, I'm pointing out my experience with a particular suspect issue of my system clock date being re-set to 2099 which has occurred a few times for me and what it results in with regard to the dysfunctionality of Avast! as resident AV (not only on its own in that boat in the situation) and that it could be something that could possibly be addressed.

I am interested to know if anyone else has experienced this 2099 re-setting of the year thing, which I'm positive is only the OS, but it could be the CMOS/BIOS too, but I'm pretty sure it's just the former.

I have used aswMBR quite regularly over many months and in relation to such instances a few times when my system clock has been re-set to the year 2099 and also once I have re-installed it on my clean system after a complete re-formatting procedure, anyway I've conducted another scan with it but I think it is clear:


aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-19 13:47:42
-----------------------------
13:47:42.487    OS Version: Windows 6.1.7601 Service Pack 1
13:47:42.488    Number of processors: 2 586 0x1706
13:47:42.489    ComputerName: SXXX-PC  UserName: Sxxx
13:48:18.225    Initialize success
13:48:18.725    AVAST engine defs: 12021802
13:48:40.319    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:48:40.322    Disk 0 Vendor: WDC_WD3000HLFS-01G6U1 04.04V02 Size: 286168MB BusType: 3
13:48:40.327    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
13:48:40.330    Disk 1 Vendor: SAMSUNG_HD103UJ 1AA01106 Size: 953869MB BusType: 3
13:48:40.348    Disk 0 MBR read successfully
13:48:40.352    Disk 0 MBR scan
13:48:40.357    Disk 0 Windows 7 default MBR code
13:48:40.365    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:48:40.385    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       286066 MB offset 206848
13:48:40.400    Disk 0 scanning sectors +586070016
13:48:40.442    Disk 0 scanning C:\Windows\system32\drivers
13:48:55.810    Service scanning
13:49:07.733    Modules scanning
13:49:38.394    Disk 0 trace - called modules:
13:49:38.620    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
13:49:38.628    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85682a38]
13:49:38.635    3 CLASSPNP.SYS[88d8f59e] -> nt!IofCallDriver -> [0x8559b918]
13:49:38.643    5 ACPI.sys[888c73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x855a0908]
13:49:39.173    AVAST engine scan C:\Windows
13:49:40.303    AVAST engine scan C:\Windows\system32
13:50:53.655    AVAST engine scan C:\Windows\system32\drivers
13:51:00.094    AVAST engine scan C:\Users\Sxxx
13:51:38.961    AVAST engine scan C:\ProgramData
13:51:53.323    Scan finished successfully
13:52:31.261    Disk 0 MBR has been saved successfully to "C:\Users\Sxxx\Desktop\MBR.dat"
13:52:31.267    The log file has been saved successfully to "C:\Users\Sxxx\Desktop\aswQuickScan.txt"
« Last Edit: February 19, 2012, 02:09:14 AM by Saulius »

Offline mchain

« Reply #11 on: February 19, 2012, 07:14:20 AM »
Quote
There is only one at the moment that will survive a re-install

Name, please?

Reason is so one does not waste time trying to clean, but uses another hdd to install.
XP Pro SP3 P4 3.2 HT 2GB RAM AIS v 2014.9.0.2011 Secunia PSI version 2.0.0.3003 TREND Micro RUBotted Beta Javacool SpywareBlaster version 5.0 Sandboxie v. 4.09 32-bit WOT (Web Of Trust) Browser reputation-based add-on http://www.mywot.com/   New: avast! listing of vendor uninstall tools:  http://www.avast.com/faq.php?article=AVKB11#artTitle
W7 Home Premium 64-bit SP1, 2.8 Pentium D, 3 GB RAM AIS v 2014.9.0.2016 (running same programs as above) Sandboxie 4.09 64-bit

Offline essexboy

« Reply #12 on: February 19, 2012, 09:52:17 AM »
Nope there is no sign of the TDL stealth there so I would assess it to be a hardware problem of some sort


Offline logos

« Reply #13 on: February 19, 2012, 10:26:41 AM »
Clocks being reset on the system (OS) to one or two years earlier have one single reason generally, running an illegal version of Windows. Some "patches" just do that. I've seen it on someone's XP computer, that prevented the system from checking for updates, from checking if Windows was activated, and from detecting that Windows was not genuine  ;D

PS: BSODs don't do that  :D

edit: http://www.microsoft.com/genuine/validate/
« Last Edit: February 19, 2012, 10:37:10 AM by logos »
w7 - ais7

Offline ady4um

« Reply #14 on: February 19, 2012, 10:43:57 AM »
Using some (small size) Live CD/UFD to check the date/time is an alternative.

In theory, the CMOS, Windows OS and Live CD date/time should be all the same (except, maybe, for some Daylight Saving Time difference).

According to what the Live CD would show, and correcting the CMOS clock, you should be able to identify if the problem is either hardware, the CMOS battery, power failure or some software-related issue.
ADD/REMOVE PROGS -> avast -> CHANGE/REMOVE -> REPAIR & REBOOT
Avast! 7 FAQ | FAQ & KB | Docs | Removal Utils | Configure Mail Shield | report FP | License Registration | UNSECURED?
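
Added example (not part of the thread, and not any poster's or Avast's code): the Live CD comparison above shows whether the OS clock and the CMOS clock disagree; to see what moved the OS clock, Windows Security event 4616 ("The system time was changed") records the previous time, the new time and the process that made the change. The Python below assumes those events have been exported as XML under an <Events> root element; the sample records and process paths in it are constructed.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample records (times and process paths are made up).
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4616</EventID></System>
 <EventData>
  <Data Name="PreviousTime">2012-02-18T02:00:00.120000000Z</Data>
  <Data Name="NewTime">2012-02-18T02:00:00.450000000Z</Data>
  <Data Name="ProcessName">C:\Windows\System32\svchost.exe</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4616</EventID></System>
 <EventData>
  <Data Name="PreviousTime">2012-02-18T12:58:03.000000000Z</Data>
  <Data Name="NewTime">2099-01-01T00:00:00.000000000Z</Data>
  <Data Name="ProcessName">C:\Users\Sxxx\AppData\Local\Temp\example.exe</Data>
 </EventData>
</Event>
</Events>"""

def parse_ts(text):
    """Parse an event timestamp, keeping the 6 fractional digits datetime holds."""
    m = re.match(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z$", text.strip())
    if not m:
        raise ValueError("unexpected timestamp: %r" % text)
    micro = int((m.group(2) or "0")[:6].ljust(6, "0"))
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=micro, tzinfo=timezone.utc)

def clock_jumps(xml_text, threshold=timedelta(days=1)):
    """Return (previous, new, process) for each time change of at least threshold."""
    findings = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4616":
            continue
        data = {d.get("Name"): d.text or "" for d in ev.findall("e:EventData/e:Data", NS)}
        old, new = parse_ts(data["PreviousTime"]), parse_ts(data["NewTime"])
        if abs(new - old) >= threshold:
            findings.append((old, new, data.get("ProcessName", "unknown")))
    return findings

if __name__ == "__main__":
    for old, new, proc in clock_jumps(SAMPLE):
        print("clock moved %s -> %s by %s" % (old.isoformat(), new.isoformat(), proc))
```

Event 4616 is only written when the Security State Change audit subcategory is enabled, so an empty result on a machine without that auditing says nothing either way.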

 
