Should the PC be re-set to year 2099 by Malware could Avast still work pls?

I have had it happen a few times that the PC clock has been re-set for whatever reason (possibly with a BSOD issue but most likely caused by Malware infection) to the year 2099! :o

Usually it gets set to the 1/1/2099 with or without a different or wrong day of the Week, and while it isn’t too much of a bother returning the date & time back in Windows 7 this is quite annoying to have to do but…

The bigger concern, especially if it is a form of hack vulnerability for a sleeping backdoor trojan or malware exploit that is activated when the system clock is adjusted to that ridiculously future arbitrary date a few things stop working properly especially security software with end date licenses, so they just automatically stop functioning.

Avast! is one such program that unfortunately stops functioning completely and fails like others to be allowed to update or re-start in 2099, IME. I’ve had this happen a few times in the past and figure that a full system reformat swipe and re-install ultimately is the most secure way to completely clean the PC in such cases where even after returning to current date & time scans can’t find the fault or cause. (Which I had to do recently.)

While it may not be absolutely necessary to go through this extreme procedure, I find it loathsome that while the PC was unfathomably re-set to the year 2099 my Avast! resident AV had turned itself off no matter what the reason was for the PC year date change.

Because it is more than likely to have been a suspicious action and most likely to have allowed for further unchecked activities with Avast! and other security turned off, I think it would be good to have Avast! still fully function if the year is ‘discovered’ to be 2099. :wink:

Sure this won’t prevent similar issues with inexplicable randomly year changes, but for some reason this year 2099 thing is pretty regular and might be a MS Windows default thing anyway, so it would help in these most frequent circumstances of this type of occurrence if Avast! could be somehow set to still fully function if the year 2099 is encountered.

Hi Saulius,

 You certainly have a problem I've never encountered!  Perhaps someone more knowledgeable than I can explain what is happening here.

Normally I would suspect the CMOS battery - but that usually reverts to the installation date and time… So 'tis a bit weird

@spc3rd

Yes, nothing found even after the likes of SAS and MBAM have been updated and I’ve even tried more extreme methods with Combo fix etc.

This has happened more than once and I have gone through the process of deleting my system including storage drives for good measure and re-formatting and cleaning re-installing W7.

I take it as a sign of a massive system compromise which I heavily suspect it actually is of itself with the re-setting to 2099 and outside of licence end date by too far…

I don’t know too much about this really, but because it manages to turn off most security features and programs I assume it’s bad even if it is caused by a conflict or through MS ineptitude, although I think it usually occurs with BSOD and a series of failed boot ups with my Asus Mobo which might require the BIOS to be explored. ???

@essexboy

I sometimes have to hit the CMOS re-set button or choose to restore default BIOS settings before actually getting to even boot up into the Asus Mobo BIOS setting and neither of these actions result in a re-setting to the year 2099. In fact IIRC it is only the OS date that is 2099, not the CMOS battery which will still be at current!

That combination sounds like a MOBO problem to me

This is a very interesting theory that should be taken into account.

A very dangerous exploit if used properly. >:(

Sorry Essexboy, I should have also indicated that I remember a few of the BSODs being preceded by a few likely infections, such as odd online behaviour hold ups, 4/504s & redirects, possible bot worm events etc, you know the kinds of things that you just know involved your PC getting infected with something despite all your security, precautions and conscientious browsing. :-[

@!Donovan Um, “A very dangerous exploit if used properly” by whom? (And those parties are the questionable ppls.)

The malware makers :stuck_out_tongue:

Exactly, so if I know not what but am sure ‘tis some weird horror then the only guaranteed removal for clean system integrity is a complete re-formatted install since who knows just what the whatever kind of undetectable recalcitrant probable infection is doing with my system, possibly not even their makers! :’(

There is only one at the moment that will survive a re-install

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it.
Click the “Scan” button to start the scan.

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif

I’m not saying that I still have the infection, I’m pointing out my experience with a particular suspect issue of my system clock date being re-set to 2099 which has occurred a few times for me and what it results in with regard to the dysfunctionality of Avast! as resident AV (not only on its own in that boat in the situation) and that it could be something that could possibly be addressed.

I am interested to know if anyone else has experienced this 2099 re-setting of the year thing, which I’m positive is only the OS, but it could be the CMOS/BIOS too, but I’m pretty sure it’s just the former.

I have used aswMBR quite regularly over many months and in relation to such instances a few times when my system clock has been re-set to the year 2099 and also once I have re-installed it on my clean system after a complete re-formatting procedure, anyway I’ve conducted another scan with it but I think it is clear:

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-19 13:47:42

13:47:42.487 OS Version: Windows 6.1.7601 Service Pack 1
13:47:42.488 Number of processors: 2 586 0x1706
13:47:42.489 ComputerName: SXXX-PC UserName: Sxxx
13:48:18.225 Initialize success
13:48:18.725 AVAST engine defs: 12021802
13:48:40.319 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP2T0L0-2
13:48:40.322 Disk 0 Vendor: WDC_WD3000HLFS-01G6U1 04.04V02 Size: 286168MB BusType: 3
13:48:40.327 Disk 1 \Device\Harddisk1\DR1 → \Device\Ide\IdeDeviceP3T0L0-3
13:48:40.330 Disk 1 Vendor: SAMSUNG_HD103UJ 1AA01106 Size: 953869MB BusType: 3
13:48:40.348 Disk 0 MBR read successfully
13:48:40.352 Disk 0 MBR scan
13:48:40.357 Disk 0 Windows 7 default MBR code
13:48:40.365 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:48:40.385 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 286066 MB offset 206848
13:48:40.400 Disk 0 scanning sectors +586070016
13:48:40.442 Disk 0 scanning C:\Windows\system32\drivers
13:48:55.810 Service scanning
13:49:07.733 Modules scanning
13:49:38.394 Disk 0 trace - called modules:
13:49:38.620 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
13:49:38.628 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x85682a38]
13:49:38.635 3 CLASSPNP.SYS[88d8f59e] → nt!IofCallDriver → [0x8559b918]
13:49:38.643 5 ACPI.sys[888c73d4] → nt!IofCallDriver → \Device\Ide\IdeDeviceP2T0L0-2[0x855a0908]
13:49:39.173 AVAST engine scan C:\Windows
13:49:40.303 AVAST engine scan C:\Windows\system32
13:50:53.655 AVAST engine scan C:\Windows\system32\drivers
13:51:00.094 AVAST engine scan C:\Users\Sxxx
13:51:38.961 AVAST engine scan C:\ProgramData
13:51:53.323 Scan finished successfully
13:52:31.261 Disk 0 MBR has been saved successfully to “C:\Users\Sxxx\Desktop\MBR.dat”
13:52:31.267 The log file has been saved successfully to “C:\Users\Sxxx\Desktop\aswQuickScan.txt”

There is only one at the moment that will survive a re-install

Name, please?

Reason is so one does not waste time trying to clean, but uses another hdd to install.

Nope there is no sign of the TDL stealth there so I would assess it to be a hardware problem of some sort

Clocks being reset on the system (OS) to one or two years earlier have one single reason generally, running an illegal version of Windows. Some “patches” just do that. I’ve seen it on someone’s XP computer, that prevented the system from checking for updates, from checking if Windows was activated, and detect that Windows was not genuine ;D

ps: BSOD’s don’t do that :smiley:

edit: http://www.microsoft.com/genuine/validate/

Using some (small size) Live CD/UFD to check the date/time is an alternative.

In theory, the CMOS, Windows OS and Live CD date/time should be all the same (except, maybe, for some Daylight Saving Time difference).

According to what the Live CD would show, and correcting the CMOS clock, you should be able to identify if the problem is either hardware, the CMOS battery, power failure or some software-related issue.

Cheers Essexboy, thanks for your overview of my aswMBR scan log, but after my recent ‘double’ full reformat/re-install procedure I don’t expect to have it now, but I have definitely had something beforehand - I’m not currently experiencing these re-sets to year 2099 anymore ATM.

AFAIK the CMOS Battery is fine, my main source of freezes and crashes are due to unavoidable sound driver issues I believe, but they aren’t causing BSODs though, something else must have caused those…

Interestingly a few times in the past I’ve seen a clear pop up appear in the bottom right hand corner of screen showing up saying that my copy of Windows isn’t genuine and requesting that I validate it ‘again’ by clicking to connect to who knows where? Although if I check things on the system in these cases everything else says otherwise. I ignore it and while it seems to mess with a few things it just goes away after a systems check, delete of temps & a reboot. This isn’t happening at the same time as my 2099 re-set thing, OTOH however it might be related or be another example of the same kind of malware exploit.

Actually TBH I rather suspect that maybe it could be due to some unidentified backdoor trojan PUP that might be responsible at least in some of my cases, say from something like toolbars, Alfa Autorun Killer, ZA, anything from IObit, IMGBURN or Privex free scanner perhaps along with many others? (I recommend totally avoiding these probable SPYwares of course. ;))

BTW my copy of M$ Windows 7 is from a genuine retail CD with product key and correctly registered, sheesh!

When you reinstall Windows, you need to validate it again.

Go to Start menu and right click on “My Computer → properties”. Scroll down the “System” window and at the bottom you should be able to activate your genuine copy of Windows.

I’m not saying this is the reason for your date/time problems. I’m just saying that this might solve some other “quirks”. Windows Activation needs to be done every time you install Windows, and should also let you receive ALL Windows Updates.

Thanks ady4um for reminding us that after every time one re-installs Windows to validate its Activation to receive All Windows Updates… which I have done (I meant by registered) and after which I er, received all their up-the-dates to hopefully prevent any other “quirks”.

The point is that sometimes something can cause these OS clock re-sets to the year 2099 and I’m suggesting it would help if Avast! remained at least temporarily functional in that kind of maladjusted environment and still do its job rather than succumbing to a faked out of end of licence date hoodwink and instead for the AV to continue to provide protection during similar kinds of ‘quirkiness’, which especially because it is switching off like most other security while most likely there’s an open exploit that probably allows malware to royally backdoor trojanate!

If some malware is there (doing whatever), the system needs to be cleaned, independently of avast protecting you with the latest definitions updates or a license. Clean it, ASAP. Have a backup of your data. The rest, doesn’t matter as much.

Once the system is clean, set the date/time back to normal, and avast should work as usual, with updates and your valid license.

Avast (or any other security tool for that matter) is not AI. There is no way avast can “automagically” understand that the date/time was changed by some malware. If there is such malware already known by avast, then avast would block it in the first place, avoiding the problem altogether.

@ ady4um

When this has happened in the past yes, return the clock date back in Windows, (delete temp files & invalid registry entries) validate lic, update and scan with everything, backup data, proceed to reboot & system restore and finally ultimately re-format to ensure a clean system, yada yada etc. :-X

I am not saying that I still have this problem, but that it has occurred on my system in the past a few times for which I have gone to the lengths of re-formatting my hard drives, but that is not the issue, just my experience and counter measures taken forthwith, however…

I’m simply just suggesting that Avast! be programmed by the developers so that in these instances of the system clock being maladjusted and re-set to 1/1/2009 that it have in it a built in mechanism to delay it from being tricked into turning off as out of date suddenly because I believe this is a backdoor trojan exploit technique - it may just be a Windows update bug for all I know, but even so I’d hazard to assume that malware might not still take advantage. How about if Avast! managed somehow to function under those circumstances as I wish, anyone else?

So far no one else has said that they have experienced the same 2099 date re-setting circumstance, well not yet but please do bear in mind that future setting the date has been used as an exploit for fooling programs in the past and no doubt could be taken advantage of by malware, so I’m suggesting that Avast! could ‘automajically’ understand that the date/time is wacko and continue to function, if only temporarily with say a nag to re-check the date & time before it solemnly ends its own life.
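
The behaviour requested in this thread can be sketched as a clock-plausibility guard placed in front of a licence expiry check. This is an added example, not Avast's code and not posted by any participant; the state-file layout, thresholds and function names are assumptions, and the dates are constructed apart from the 2012-02-19 run date taken from the log above.

```python
import json
from datetime import datetime, timedelta
from pathlib import Path

# Assumed thresholds (not from any product): tune to how long a machine may stay off.
MAX_FORWARD_JUMP = timedelta(days=365)
ROLLBACK_TOLERANCE = timedelta(days=2)   # absorbs DST and time-zone corrections


def load_last_seen(path):
    """Return the last plausible timestamp recorded, or None if absent or corrupt."""
    try:
        return datetime.fromisoformat(json.loads(Path(path).read_text())["last_seen"])
    except (OSError, ValueError, KeyError, TypeError):
        return None


def evaluate(now, last_seen, expiry):
    """Return (protection_on, state) for the current wall-clock reading."""
    if last_seen is not None:
        if now - last_seen > MAX_FORWARD_JUMP:
            return True, "clock_suspect_forward"    # e.g. a jump to 1/1/2099
        if last_seen - now > ROLLBACK_TOLERANCE:
            return True, "clock_suspect_rollback"   # clock set back to an earlier year
    if now > expiry:
        return False, "expired"
    return True, "ok"


def check(path, now, expiry):
    """Evaluate the clock, then advance the stored timestamp only if it was plausible."""
    on, state = evaluate(now, load_last_seen(path), expiry)
    if not state.startswith("clock_suspect"):
        Path(path).write_text(json.dumps({"last_seen": now.isoformat()}))
    return on, state


if __name__ == "__main__":
    import os, tempfile
    state_file = os.path.join(tempfile.mkdtemp(), "clock_state.json")
    expiry = datetime(2013, 1, 1)                       # constructed licence end date
    for now in (datetime(2012, 2, 19, 13, 47), datetime(2099, 1, 1), datetime(2012, 2, 20)):
        print(now.isoformat(), check(state_file, now, expiry))
```

A `clock_suspect_*` state is where a nag to re-check the date and time would be raised while protection stays on. With no stored baseline the guard cannot tell a bad clock from a genuinely expired licence, and the state file itself would need protection against tampering.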