I recently cleared a malware program off my computer. I noticed whenever I changed the date, it would try to access the internet, and I thought that was odd.
None of my AV software detected any problems, but running Process Explorer, I could see a suspicious dll with random letters as its filename that was running as a thread in explorer.exe. The dll was encrypted somehow, and refused to delete, even when the thread was terminated.
(Process Explorer is portable software that you can unzip to a USB stick and run from there without installation.)
I used a Live copy of Knoppix to boot my computer and access the hard drive that way. I deleted the suspicious dll as well as a couple of other files with the exact same date/time.
Computer no longer tries to access the internet when I change the system date.
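
The timestamp pivot described above (looking for other files with the exact same date/time as the suspicious dll), as an added example that is not part of the original post: a shell function for a Linux live session that lists every file under a directory whose modification time matches a reference file to the second. The file names and the temporary sample tree are constructed for illustration, and GNU stat and find are assumed.

```shell
#!/bin/sh
# List files under ROOT whose modification time equals that of REF (to the second).
# Intended for a volume mounted read-only from a live system.
same_mtime_files() {
    ref=$1
    root=$2
    # Modification time of the reference file as whole seconds since the epoch.
    t=$(stat -c %Y -- "$ref") || return 1
    # %T@ prints the mtime with a fractional part; compare the integer seconds.
    find "$root" -type f -printf '%T@\t%p\n' |
        awk -F'\t' -v t="$t" 'int($1) == t { sub(/^[^\t]*\t/, ""); print }'
}

# Build a small constructed directory tree so the function can be tried offline.
# All names below are made up for this example.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Windows/System32" "$d/Users/me/AppData"
    : > "$d/Windows/System32/qzxkvw.dll"   # the "suspicious" file
    : > "$d/Windows/System32/jrmtpa.dat"   # dropped at the same moment
    : > "$d/Users/me/AppData/wbnxle.tmp"   # dropped at the same moment
    : > "$d/Windows/notepad.exe"           # unrelated file, different time
    touch -t 201103040506.07 \
        "$d/Windows/System32/qzxkvw.dll" \
        "$d/Windows/System32/jrmtpa.dat" \
        "$d/Users/me/AppData/wbnxle.tmp"
    touch -t 200908140212.33 "$d/Windows/notepad.exe"
    printf '%s\n' "$d"
}

# Demonstration on the constructed tree.
sample=$(make_sample)
same_mtime_files "$sample/Windows/System32/qzxkvw.dll" "$sample"
rm -rf "$sample"
```

Matching timestamps are a lead, not proof: review each hit before deleting anything, since modification times can be set arbitrarily.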