
I recently found out that my PC has been infected by some serious spyware, and while I did successfully remove it, I’m afraid that that malware affected the antimalware and management solutions I installed on my PC.

In order to find out whether or not my antimalware is affected, I want to compare whether the event logs used exclusively by the specific antimalware software are similar to the different event logs stored in Windows (post virus removal).

I did some research to find out that Windows stores different event logs in the registry, setupapi.*.log, %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Partition%4Diagnostic.evtx, and C:\Users\<username>\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat.

My question is

  1. whether an antimalware or PC management solution uses the same event logs used by default in Windows, and
  2. if they maintain separate event logs, methods I can use to locate, open, view, or edit those event logs that are unique to those pieces of software.
  • First, you don't recover a system infected, you nuke it, reinstall, recover your backups. It's the only way to be sure. Second, your question cannot be properly answered because each antimalware is unique, they usually employ non-public methods, and store logs in diverse locations. – ThoriumBR Sep 08 '22 at 11:24
  • Hmm… but what if some of those backups are also infected? Could you provide me some leads at least to find those diverse locations? Surely it’s not impossible. – rasputin Sep 08 '22 at 11:54
