Detect signs of malware with Recent Files Seeker


If you suspect your PC has been infected by malware, but your regular security package hasn't raised an alert, then you could try to locate the threat yourself. It's sometimes easier than you might expect.

One strategy is to search your system for recently created or modified executables. If you find an EXE file created yesterday on your desktop, maybe an SCR file in a temporary folder, and you’re not sure how they got there, then they might deserve further investigation.

You don't need to install any software to make this happen. On Windows 8, open an Explorer window, choose the starting folder, click in the Search box, and you're able to set all kinds of parameters for the search ("Programs" modified in the "Last Week", say).

That's a good start, but Recent Files Seeker goes further, providing extra search options and saving a report which you can share with others.

The program is a single executable, only 300KB in size, and unsurprisingly has a very basic interface. It's really just a dialog box which runs a search, saves the results to a text file, and that’s it. There's not even a report viewer (the file opens automatically in Notepad).

Still, the search itself is quite capable. You start by entering a pattern representing the file types you’d like to locate (.exe|.dll|.com|.vbs|.cmd|.bat|.reg|.sys|.vbe|.scr by default), a starting folder, the time you’d like to check (creation, last modified, last accessed) and the maximum file age to report (the last x days).

One problem with this kind of tool is that you'll often get a lot of legitimate hits. Recent Files Seeker can help by excluding Microsoft files, so for example you won’t see the results of your last Windows update.

There's also an option to verify file signatures, and you’re able to customize the report by including file attributes, description, company name, file size, even the MD5 hash.

Once you've made your choices, click Start, and wait. Recent Files Seeker scans the system according to the rules you've specified, saves the results to a text file, and automatically opens this in Notepad when it’s done.

The final report is awkward to read, and because it's just a plain text file, not something you can easily organize (you can't just click a column header to sort path names, for example).

Recent Files Seeker’s search options and portability mean it can still be helpful, though, and on balance it probably deserves a place in your troubleshooting toolkit.
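The same kind of search can be scripted with built-in PowerShell cmdlets. This is an added example, not part of Recent Files Seeker or the original article. The function name `Find-RecentExecutable`, its parameters and the output file name are hypothetical, the extension list is the tool's default quoted above, and PowerShell 5.1 or later is assumed.

```powershell
# Added example (not from the article or the tool). Function and parameter names are hypothetical.
function Find-RecentExecutable {
    [CmdletBinding()]
    param(
        [string]$Path = $env:USERPROFILE,
        [ValidateSet('CreationTime', 'LastWriteTime', 'LastAccessTime')]
        [string]$TimeField = 'LastWriteTime',
        [int]$MaxAgeDays = 7,
        # Default pattern quoted in the article.
        [string[]]$Extensions = @('.exe','.dll','.com','.vbs','.cmd','.bat','.reg','.sys','.vbe','.scr'),
        [switch]$ExcludeMicrosoftSigned
    )
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $Extensions -contains $_.Extension.ToLowerInvariant() -and $_.$TimeField -ge $cutoff
        } |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            # Heuristic: treat a file as Microsoft's only when its signature validates.
            # The CompanyName version resource can be set by anyone, so it is reported but never trusted.
            $isMicrosoft = $sig -and $sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation'
            if ($ExcludeMicrosoftSigned -and $isMicrosoft) { return }   # skip to the next file

            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path        = $_.FullName
                Timestamp   = $_.$TimeField
                SizeBytes   = $_.Length
                Attributes  = $_.Attributes
                CompanyName = $_.VersionInfo.CompanyName
                Description = $_.VersionInfo.FileDescription
                Signature   = if ($sig) { $sig.Status } else { 'Unknown' }
                Signer      = $signer
                MD5         = if ($hash) { $hash.Hash } else { '' }
            }
        }
}

# Newest files first, written as CSV so the report can be sorted and filtered in a spreadsheet.
Find-RecentExecutable -Path 'C:\Users' -MaxAgeDays 7 -ExcludeMicrosoftSigned |
    Sort-Object Timestamp -Descending |
    Export-Csv -Path .\recent-executables.csv -NoTypeInformation
```

Rows whose `Signature` column is `NotSigned` or `HashMismatch` are the ones to look at first; run the script from an elevated prompt if you point it at system folders, since unreadable directories are silently skipped.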
