[plug] Nasty windows viruses (somewhat on topic, really!)

[Michael Holland]

You could make an expendable copy of part of a windows partition, and
"share" it. The trojan might be looking at the \windows or
 "Documents and Settings". Raise the log/debug level. You couldn't expect
it to normally log every action.
  Then let the trojan loose, and compare data to the original later, as
well as atimes. I'd guess SMB can reset mtime on modified files, but not atime?
  Also watch the firewall for possible attempts to send data home.


--